This document explains how to handle client tokens via both HTTP and gRPC.
Authorization Header
Authorization header is most appropriate.
It must be provided in the form Authorization: Bearer <client_token>.
The following examples illustrate this in the context of various programming languages:
Cookie Header
Cookie based authentication in the browser.
Cookie called flipt_client_token.
Set-Cookie response header during the authentication method exchange.
In a browser context this means subsequent API calls will be automatically authenticated given the API requests are invoked with credentials included (cookies are enabled). Flipt’s UI leverages this mechanism for its login functionality.
authorization metadata key should be supplied with a single string Bearer <client-token> to any RPC calls.
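The three token carriers described on this page (the Authorization header, the flipt_client_token cookie, and the gRPC authorization metadata key), shown together in Python. This is an added example, not code from Flipt or its documentation. The client helpers follow the forms given above; extract_client_token and is_authorized are a hypothetical server-side sketch, and the header-over-cookie precedence and fail-closed behaviour are assumptions.

```python
import hmac
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "flipt_client_token"  # cookie name given on this page


def bearer_header(token):
    """Client side, HTTP: the Authorization header in the documented form."""
    return {"Authorization": f"Bearer {token}"}


def grpc_metadata(token):
    """Client side, gRPC: one lowercase 'authorization' key, one string value."""
    return [("authorization", f"Bearer {token}")]


def extract_client_token(headers):
    """Hypothetical server-side check (not Flipt's implementation).

    Assumption: a present Authorization header wins, and a malformed one
    fails closed instead of falling back to the cookie.
    """
    headers = {k.lower(): v for k, v in headers.items()}
    auth = headers.get("authorization")
    if auth is not None:
        scheme, _, value = auth.partition(" ")
        value = value.strip()
        if scheme.lower() != "bearer" or not value or " " in value:
            return None
        return value
    jar = SimpleCookie()
    try:
        jar.load(headers.get("cookie", ""))
    except CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel is not None and morsel.value else None


def is_authorized(headers, expected_token):
    """Constant-time comparison so the check does not leak a timing signal."""
    token = extract_client_token(headers)
    if token is None:
        return False
    return hmac.compare_digest(token.encode(), expected_token.encode())


if __name__ == "__main__":
    token = "example-token-123"  # constructed sample value, not a real token
    print(is_authorized(bearer_header(token), token))
    print(is_authorized({"Cookie": f"theme=dark; {COOKIE_NAME}={token}"}, token))
    print(is_authorized(dict(grpc_metadata(token)), token))
```

The list returned by grpc_metadata has the shape of gRPC call metadata in Python, a sequence of (key, value) tuples.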