Skip to content

Node.js: remove Basic Authentication #2241

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
renejeglinsky merged 6 commits into from
Dec 16, 2025
Merged

Node.js: remove Basic Authentication #2241

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2a66501
Node.js: remove Basic Authentication
sjvans Dec 2, 2025
4d9b1e2
tip
sjvans Dec 2, 2025
f9fea27
Merge branch 'main' into rm-Basic-Authentication
sjvans Dec 2, 2025
697148c
really remove
sjvans Dec 3, 2025
cb928ec
Merge branch 'main' into rm-Basic-Authentication
sjvans Dec 3, 2025
59cb4aa
Update node.js/authentication.md
renejeglinsky Dec 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion about/features.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ Following is an index of the features currently covered by CAP, with status and
| [Streaming & Media Types](../guides/providing-services#serving-media-data) | <X/> | <X/> | <X/> |
| [Conflict Detection through _ETags_](../guides/providing-services#etag) | <X/> | <X/> | <X/> |
| [Authentication via JWT](../guides/security/authorization#prerequisite-authentication) | <Na/> | <X/> | <X/> |
| [Basic Authentication](../guides/security/authorization#prerequisite-authentication) | <Na/> | <X/> | <X/> |
| [Mocked Authentication](../guides/security/authorization#prerequisite-authentication) | <Na/> | <X/> | <X/> |


<br>
Expand Down
45 changes: 5 additions & 40 deletions node.js/authentication.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,9 @@ This strategy creates a user that passes all authorization checks. It's meant fo

This authentication strategy uses basic authentication with pre-defined mock users during development.

::: warning Mocked authentication is not suitable for production!
:::

> **Note:** When testing different users in the browser, it's best to use an incognito window, because logon information might otherwise be reused.

**Configuration:** Choose this strategy as follows:
Expand Down Expand Up @@ -254,48 +257,10 @@ If you want to restrict these additional logins, you need to overwrite the defau
}
```


### Basic Authentication {#basic }

This authentication strategy uses basic authentication to use mock users during development.

> **Note:** When testing different users in the browser, it's best to use an incognito window, because logon information might otherwise be reused.

**Configuration:** Choose this strategy as follows:

::: code-group
```json [package.json]
"cds": {
"requires": {
"auth": "basic"
}
}
```
::: tip
The pre-defined mock users can be deactivated by using kind `basic` instead of `mocked`. In that case configure users yourself, as described previously.
:::

You can optionally configure users as follows:

::: code-group
```json [package.json]
"cds": {
"requires": {
"auth": {
"kind": "basic",
"users": {
"<user.id>": {
"password": "<password>",
"roles": [ "<role-name>", ... ],
"attr": { ... }
}
}
}
}
}
```
:::

In contrast to [mocked authentication](#mocked), no default users are automatically added to the configuration.


### JWT-based Authentication { #jwt }

Expand Down