Document authentication sequence

2020-05-25 17:53:34 +02:00 · 2020-05-25 17:53:34 +02:00 · 838ef21b0d
parent 4faa853b00
commit 838ef21b0d
1 changed files with 40 additions and 0 deletions
--- a/deps/rabbitmq_stream/docs/PROTOCOL.adoc
+++ b/deps/rabbitmq_stream/docs/PROTOCOL.adoc
@ -364,3 +364,43 @@ Delete => Key Version CorrelationId Stream
  CorrelationId => int32
  Stream => string
 ```
+
+== Authentication
+
+Once a client is connected to the server, it initiates an authentication
+sequence. The next figure shows the steps of the sequence:
+
+[ditaa]
+.Authentication Sequence
+....
+Client                      Server
+  +                           +
+  |      SASL Handshake       |
+  |-------------------------->|
+  |<--------------------------|
+  |                           |
+  |     SASL Authenticate     |
+  |-------------------------->|
+  |<--------------------------|
+  |                           |
+  |           Tune            |
+  |<--------------------------|
+  |-------------------------->|
+  |                           |
+  |           Open            |
+  |-------------------------->|
+  |<--------------------------|
+  |                           |
+  +                           +
+....
+
+* SaslHandshake: the client asks about the SASL mechanisms the server supports. It
+can then pick one from the list the server returns.
+* SaslAuthenticate: the client answers to the server's challenge(s), using the
+SASL mechanism it picked. The server will send a `Tune` frame once it is satisfied
+with the client authentication response.
+* Tune: the server sends a `Tune` to suggest some settings (max frame size, heartbeat).
+The client answers with a `Tune` with the settings he agrees on, possibly adjusted
+from the server's suggestion.
+* Open: the client sends a `Open` frame to pick a virtual host to connect. The server
+answers whether it accepts the access or not.