From 838ef21b0d55e6d87bbdf9a0e6b14ba67a097d21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20Cogolu=C3=A8gnes?= Date: Mon, 25 May 2020 17:53:34 +0200 Subject: [PATCH] Document authentication sequence --- deps/rabbitmq_stream/docs/PROTOCOL.adoc | 40 +++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/deps/rabbitmq_stream/docs/PROTOCOL.adoc b/deps/rabbitmq_stream/docs/PROTOCOL.adoc index e360e63ab9..795ae02c63 100644 --- a/deps/rabbitmq_stream/docs/PROTOCOL.adoc +++ b/deps/rabbitmq_stream/docs/PROTOCOL.adoc @@ -364,3 +364,43 @@ Delete => Key Version CorrelationId Stream CorrelationId => int32 Stream => string ``` + +== Authentication + +Once a client is connected to the server, it initiates an authentication +sequence. The next figure shows the steps of the sequence: + +[ditaa] +.Authentication Sequence +.... +Client Server + + + + | SASL Handshake | + |-------------------------->| + |<--------------------------| + | | + | SASL Authenticate | + |-------------------------->| + |<--------------------------| + | | + | Tune | + |<--------------------------| + |-------------------------->| + | | + | Open | + |-------------------------->| + |<--------------------------| + | | + + + +.... + +* SaslHandshake: the client asks about the SASL mechanisms the server supports. It +can then pick one from the list the server returns. +* SaslAuthenticate: the client answers to the server's challenge(s), using the +SASL mechanism it picked. The server will send a `Tune` frame once it is satisfied +with the client authentication response. +* Tune: the server sends a `Tune` to suggest some settings (max frame size, heartbeat). +The client answers with a `Tune` with the settings he agrees on, possibly adjusted +from the server's suggestion. +* Open: the client sends a `Open` frame to pick a virtual host to connect. The server +answers whether it accepts the access or not. \ No newline at end of file
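Review bot: The SaslAuthenticate and Open bullets describe only the success path ("The server will send a `Tune` frame once it is satisfied", "The server answers whether it accepts the access or not"), so a client implementer cannot tell what a rejected authentication or a refused virtual host looks like on the wire. Please document, for each failure case, what the server sends back and whether it closes the connection afterwards. The figure also shows a single SaslAuthenticate round trip while the text says "challenge(s)"; mark that exchange as repeatable in the diagram or in the bullet. In the Tune bullet, "possibly adjusted from the server's suggestion" leaves open which adjustments the server will accept for max frame size and heartbeat; state the rule. Wording nits: "the settings he agrees on" should read "it agrees on", "a `Open` frame" should be "an `Open` frame", "a virtual host to connect" should be "to connect to", and the file ends without a trailing newline.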