Authentication

Numeraire SwissKnife supports multiple authentication methods:

JWT (`auth_provider = "jwt"`)

JWT authentication gives full access to an admin via the sign-in endpoint. It only requires jwt.secret to be set in the configuration file (and optionally jwt.token_expiry).

The admin password is not set in the configuration file. On first launch you set it through the sign-up endpoint, which stores it hashed in the database. The admin username is fixed as admin.

JWT authentication can also be used with third-party authentication providers that do not provide asymmetric keys (like Supabase). In this case, the jwt.secret value should be set in the configuration file.

See the configuration values for JWT here.

OAuth2 (`auth_provider = "oauth2"`)

OAuth2 authentication allows users to sign in with their OAuth2 provider. The domain and audience need to be set in the configuration file.

oauth2.domain is the OpenID provider issuer base URL. Numeraire SwissKnife resolves the JWKS URI and the canonical issuer from this base via OpenID Connect (OIDC) discovery (the scheme defaults to https when omitted), so it works with any OIDC-compliant provider, not just Auth0. It will then automatically fetch the JWK Set in intervals (jwks_refresh_interval) from the provider and validate the JWT, enabling key rotation.

See the configuration values for OAuth2 here.

Tested with Auth0.

API keys

In addition to JWT and OAuth2, requests can be authenticated with an API key. API keys are created per user with scoped permissions and are presented on each request, granting access limited to the key's permissions.

Not finding your preferred auth method?

If you want to use a different authentication method, please open a feature request on our GitHub repository.

JWT (auth_provider = "jwt")​

OAuth2 (auth_provider = "oauth2")​

API keys​

Not finding your preferred auth method?​

JWT (`auth_provider = "jwt"`)

OAuth2 (`auth_provider = "oauth2"`)

API keys

Not finding your preferred auth method?