Authentication
Authentication model across the engine and hosted platform.
Authentication in rstream is token-based. The engine reads tokens from Authorization: Bearer <token> and, when the header is not present, from the rstream.token query parameter.
The engine supports multiple authentication backends depending on the edition and deployment. Community builds validate JWT tokens using a shared secret. Enterprise builds can also validate tokens against a Mongo-backed credential store.
HTTP tunnels can additionally use rstream auth, which is a session-based mechanism intended for browser flows.