Authentication layer for glee, support for different authentication frameworks #377

Closed
Tracked by #514 ...
Souvikns opened this issue Jan 17, 2023 · 5 comments
Labels
enhancement New feature or request stale

Comments

@Souvikns
Member

Souvikns commented Jan 17, 2023

Currently, as users, when we are using glee to build a WebSocket server, the only way of authenticating is by writing your own authentication logic in the functions, which is repetitive and not a good solution when you have a large application. With the addition of WebSocket and HTTP adapters, glee needs support for authentication and authorization. Right now glee needs some kind of authentication middleware for both server and client adapters.

Currently, client adapters are able to send authentication parameters with the help of glee config, and this needs to be updated so that it can support multiple authentication and authorization processes.

    mqtt: {
      authentication: {
        cert: async () => fs.readFileSync('./mosquitto.org.crt')
      }
    }

For starters, we need to support some popular authorization processes:

  • Token-based authentication: In this method, the client requests an access token from the server, which can then be used to access protected resources. The token is sent with each websocket request and is used by the server to verify the client's identity and determine their authorization.
  • Basic authentication: This method uses the same basic authentication process as the HTTP protocol, where the client sends an HTTP request with a header that contains a username and password. The server verifies the credentials and returns a response with the requested resource if the user is authenticated.
  • Certificate-based authentication: In this method, the client and server use digital certificates to establish trust and verify identity. The client presents a certificate to the server, which then verifies the certificate's validity and authenticity.
  • Session-based authentication: This method works similarly to session-based authentication in the HTTP protocol, where the server creates a session for the user and associates it with an identifier. The client then sends the identifier with each websocket request, allowing the server to identify the user and determine their authorization.
  • OAuth 2.0 authentication: OAuth 2.0 is an open standard for authorization that provides secure access to resources by delegating access to third-party applications. The client requests access to a resource from the server, and the server returns an authorization code, which the client can then use to obtain an access token.
@Souvikns Souvikns added the enhancement New feature or request label Jan 17, 2023
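
The token-based and basic methods listed in the issue above, sketched as a single check that dispatches on the `Authorization` scheme of a WebSocket upgrade request. This is an added example, not part of the original issue and not glee code; the token format, function names, signing key and user record are constructed for illustration.

```javascript
// Added example, not glee code: every name here is hypothetical.
const { createHmac, scryptSync, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed signing key
const SALT = 'constructed-salt';          // constructed; use a per-user random salt in practice
const USERS = new Map([['alice', scryptSync('s3cret', SALT, 32)]]); // constructed user
const sign = (data) => createHmac('sha256', SECRET).update(data).digest();

// Token format assumed here: <subject>.<expiry epoch seconds>.<hex HMAC-SHA256>
function makeToken(subject, expiresAt) {
  const body = `${subject}.${expiresAt}`;
  return `${body}.${sign(body).toString('hex')}`;
}

function verifyBearer(token, now) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [subject, exp, mac] = parts;
  const given = Buffer.from(mac, 'hex');
  const expected = sign(`${subject}.${exp}`);
  // Check length first: timingSafeEqual throws on buffers of unequal length.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  return Number(exp) > now ? subject : null; // reject expired tokens
}

function verifyBasic(credentials) {
  const decoded = Buffer.from(credentials, 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first ':' separates user from password
  if (sep < 0) return null;
  const user = decoded.slice(0, sep);
  const derived = scryptSync(decoded.slice(sep + 1), SALT, 32);
  const stored = USERS.get(user) || Buffer.alloc(32); // same work for unknown users
  return USERS.has(user) && timingSafeEqual(derived, stored) ? user : null;
}

// A Map, not an object literal: a scheme such as "constructor" must not resolve
// to an inherited Object.prototype member.
const SCHEMES = new Map([['bearer', verifyBearer], ['basic', verifyBasic]]);

// Returns { ok: true, principal } or { ok: false, status: 401 }.
function authenticate(headers, now = Math.floor(Date.now() / 1000)) {
  const [scheme = '', value = ''] = (headers.authorization || '').split(' ');
  const verify = SCHEMES.get(scheme.toLowerCase());
  const principal = verify && value ? verify(value, now) : null;
  return principal ? { ok: true, principal } : { ok: false, status: 401 };
}
```

A server adapter would call `authenticate(req.headers)` before completing the upgrade and refuse the connection on `ok: false`.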
@Souvikns
Member Author

Just putting a thought out there, since glee is using middlewares we could use https://www.npmjs.com/package/passport to implement authentication.

@octonawish-akcodes

I am interested in this under GSoC 2023. Can you guide me to get started with this issue?

@oviecodes
Contributor

oviecodes commented Mar 9, 2023

@Souvikns @fmvilas @KhudaDad414 I would love to give this a try

@Infamia2334

Infamia2334 commented Mar 18, 2023

@Souvikns @AceTheCreator This sounds like an exciting issue to work on; however, I think we should also explore other ways of adding authentication rather than using passport.js. Maybe even writing one of our own. Here are a few points I want to share:

  • The documentation for passport.js is not exactly clear on how things work under the hood. It is like a black box, one has to play around to understand its functionalities.
  • At the end, it is just the same work as writing your own authentication middleware. One still has to write their own configuration and callback even with passport.js.
  • Counterpoint: On the other hand, it supports multiple authentication strategies like OAuth/OAuth2 with a minimal amount of code - we don't need it absolutely, but in this use case it might help to develop the auth layer much quicker.

@github-actions
Contributor

This issue has been automatically marked as stale because it has not had recent activity 😴

It will be closed in 120 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation.

There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under an open governance model.

Let us figure out together how to push this issue forward. Connect with us through one of many communication channels we established here.

Thank you for your patience ❤️

5 participants