
Authentication

Each instance requires access control to authenticate the Caido GUI (client component) to the Caido CLI (server component).

DANGER

Although the API is authenticated, the proxy traffic is currently unprotected. We strongly advise not to expose your Caido instances to the open internet.

Authentication in Caido is based on the OAuth 2.0 protocol.

User authentication

As mentioned in instance registration, each Caido instance registers itself with our Cloud as an OAuth 2.0 client.

When you click Login on the instance, it performs a Device Authorization flow. Currently this flow requires human approval via the website (we are working on removing this limitation).

Figure: Authenticate user flow.

NOTE

We do not make any guarantees on the lifetime of the tokens. Currently the access token is valid for 7 days and the refresh token is valid for 3 months.
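To make the Device Authorization flow and the token lifetimes above concrete, here is an added example (not Caido's code) that simulates both sides of the exchange in one file: the authorization server that issues the device/user code pair and records the human's approval, and the device that polls until it is approved. The endpoint shapes, the device code lifetime and the poll interval are assumptions; the 7-day access token lifetime is the value stated above.

```python
# Added example (not Caido's code): simulation of the OAuth 2.0 Device Authorization
# grant (RFC 8628), both sides in one file. Endpoint shapes, code lifetime and poll
# interval are assumptions; the 7-day access token lifetime is what the page states.
import secrets

ACCESS_TOKEN_TTL = 7 * 24 * 3600  # 7 days, as the page states
DEVICE_CODE_TTL = 600             # assumed: a device code expires after 10 minutes
class AuthServer:
    """Issues device/user code pairs, records the human's website approval,
    and exchanges an approved device code for tokens exactly once."""
    def __init__(self):
        self.pending = {}  # device_code -> {"user_code", "approved", "expires"}
    def device_authorization(self, now):
        device_code = secrets.token_urlsafe(32)   # high-entropy, never shown to the human
        user_code = secrets.token_hex(4).upper()  # short code the human types on the website
        self.pending[device_code] = {"user_code": user_code, "approved": False,
                                     "expires": now + DEVICE_CODE_TTL}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://example.invalid/device", "interval": 5}
    def approve(self, user_code):  # the human approval step on the website
        for entry in self.pending.values():
            if entry["user_code"] == user_code:
                entry["approved"] = True
                return True
        return False
    def token(self, device_code, now):
        entry = self.pending.get(device_code)
        if entry is None:
            return {"error": "invalid_grant"}  # unknown or already-redeemed code
        if now > entry["expires"]:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if not entry["approved"]:
            return {"error": "authorization_pending"}  # device must keep polling
        del self.pending[device_code]  # single use: a replayed device code must fail
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": ACCESS_TOKEN_TTL, "refresh_token": secrets.token_urlsafe(32)}

def device_login(server, user_approves_on_poll=None, max_polls=10):
    """Device side: request a code, then poll the token endpoint at the server's interval.
    user_approves_on_poll simulates the human approving just before that poll (None = never)."""
    now = 0
    resp = server.device_authorization(now)
    for poll in range(1, max_polls + 1):
        now += resp["interval"]  # wait the mandated interval between polls
        if poll == user_approves_on_poll:
            server.approve(resp["user_code"])
        tok = server.token(resp["device_code"], now)
        if "access_token" in tok or tok["error"] != "authorization_pending":
            return tok  # success, or a terminal error such as expired_token
    return {"error": "gave_up"}
```

The single-use check in `token` is the part worth noting: once a device code has been redeemed, replaying it yields `invalid_grant` rather than a second token.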

Instance authentication

Under the hood, the instance also performs a Client Credentials flow to obtain a token that identifies it to the cloud. This lets the instance retrieve metadata such as the Workspace it lives in.