Posted 6 months ago

Authentication #9

  • Add an endpoint /eth/v1/keystores/auth that is not protected by any form of authentication. It returns a response with an absolute path to a file containing an auth token. The assumption here is that the user of the VC API is a privileged entity with access to the machine the VC is running on, and permission to read this file. - @michaelsproul { "token_path": "/home/michael/.lighthouse/mainnet/validators/api-token.txt" }
  • All other endpoints require an Authorization: Bearer $token header with the value of the token loaded from token_path. The intention is that the token remains the same across multiple VC restarts, unless the user specifically regenerates a new token (this can happen out of band, e.g. by deleting the file and restarting the VC, or using a non-standard API).- @michaelsproul
  • Introduce a new flag command to generate the token into a file, and introduce a new flag to enable APIs - @james-prysm