AsyncAPI: Authentication and Authorization support for websocket adapters. #17
Comments
Hi @AceTheCreator @jansche, I am Mitchell (SDE with 2 years of experience). I hadn't participated in GSOC before, but this year I am looking forward to being an active participant. And I think this project will be compatible for me as I am going to pursue it with my full-time job. Hope to hear from your side about how I can proceed with this project. |
Hi Mentors [ @AceTheCreator @jansche @Souvikns @KhudaDad414 ]

I am Shreya, a technology enthusiast participating in GSOC for the first time, with the wish to contribute towards "Authentication layer for glee, support for different authentication frameworks". As per the Contribution Guide, I would like to introduce myself as a candidate to work on this project, which is selected for GSOC 2023.

Q1) What interests you most about this project?
I have experience working with authentication and authorization systems and believe in the idea of 'multiple authentication and authorization process' as the world moves towards things which make things easier, scalable and more secure. I believe I can contribute towards this project in a meaningful way.

Q2) As mentors and project coordinators, how can we get the best out of you?
I believe in continuous improvement, hence I am open to feedback [ be it technical or social or in other areas ], willing to learn new technologies, tools and approaches to improve my skills and contribute towards the project.

Q3) Is there anything that you’ll be studying or working on whilst working alongside us?

Q4) We'd love to hear a bit on your work preferences, e.g. how you keep yourself organized, what tools you use, etc?
I can give 4-5 hours daily or more (depending upon office work) towards this project. I am open to working in the US, UK, or India timezone depending upon the project requirement. To keep myself organized I make use of notepads, reminders, and personal notes with timing.
Skill stack which I currently have which can be used to contribute towards the project: JavaScript, yaml, json, typescript, RTC, socket.io, middleware, REST API, Authentication process, etc.
As I mentioned previously, I believe in continuous improvement, hence I am open to feedback [ be it technical or social or in other areas ], willing to learn new technologies, tools and approaches to improve my skills and contribute towards the project.

Q5) Once you’ve selected a project from the ideas section, please suggest a weekly schedule with clear milestones and deliverables around it. Alternatively, if you want to propose your own idea then please include an outline, goals, and a well-defined weekly schedule with clear milestones and deliverables.
Week 1: Research and analysis of existing authentication and authorization systems used in WebSocket servers.
Week 2-3: If possible, try to implement a mini version of the middleware and try to configure it with Glee.
Week 4-5: Submit a pull request with the changes in glee.config.js which can be used to achieve the result.
Week 6-7: Integration testing of the authentication and authorization feature with glee.
Week 8: Final review and testing of the code.

==============================================================

I request you to provide me with the mandatory qualification task so I can start contributing towards the project. At present I am looking at asyncapi/glee/issues to get started with the contribution.
Looking forward to hearing from your side |
Dear Mentors and Project Coordinators,

I am Shubhashish Sinha, a sophomore at BITS Pilani, Pilani Campus, and a first-time participant in GSOC. I am writing to express my interest in contributing to your project.

What interests me most about this project is the opportunity to learn and develop my skills in building WebSocket servers with glee and implementing authentication middleware. As a developer, I am always looking for ways to expand my knowledge and contribute to meaningful projects.

To get the best out of me, I would appreciate clear communication and guidance on the project goals and milestones. I am open to constructive feedback and willing to make changes to ensure the success of the project. Additionally, I am willing to collaborate and communicate regularly with the team to ensure that we are on track with the project timeline.

Whilst working alongside you, I plan to study and research best practices in authentication middleware implementation, WebSocket servers, and glee configuration. I am committed to delivering high-quality work and will use the necessary tools and resources to keep myself organized and on track. I usually keep myself organized by using project management tools such as Trello and Asana, and version control tools such as Git and GitHub.

If selected for the project, I would propose the following weekly schedule with clear milestones and deliverables:

Week 1: Research and study existing authentication middleware implementation and glee configuration. Deliverable: A summary of best practices for authentication middleware implementation.
Week 2: Develop a prototype of the authentication middleware for glee server and client adapters. Deliverable: A working prototype of the authentication middleware for glee server and client adapters.
Week 3-4: Test and debug the authentication middleware implementation. Deliverable: A tested and debugged implementation of the authentication middleware for glee server and client adapters.
Week 5-6: Document the implementation process and create a user guide for the authentication middleware. Deliverable: A user guide for the authentication middleware implementation.

I look forward to hearing back from you. |
Hi Mentors [ @AceTheCreator @jansche @Souvikns @KhudaDad414 ]

I am Rudresh, pursuing a Bachelor in Technology, and I am excited to participate in GSOC 2023 for the first time. I am interested in contributing towards the "Authentication layer for glee, support for different authentication frameworks" project. My interest in the field of Software Engineering grew after creating my own projects using Python, Machine Learning, CSS, HTML, JavaScript and I believe I will be a great asset towards this project. I will be introducing myself by referring to the format mentioned in the Contribution Guide.

Q1) What interests you most about this project?
After reading the problem statement I researched each keyword and found the project to be more interesting and wanted to contribute towards the project on changing parameters of glee.config.js to enable multiple authentication and authorization process. What excites me the most about this project is the opportunity to contribute to a project that has the potential to positively impact the development community and creating a win-win situation for both parties.

Q2) As mentors and project coordinators, how can we get the best out of you?
As for getting the best out of me, I work well when given clear instructions and expectations. I would appreciate regular check-ins and feedback to ensure that I am on track and meeting project goals.

Q3) Is there anything that you’ll be studying or working on whilst working alongside us?
As I embark on this project, my foremost goal is to expand my knowledge of the intricacies of implementing enablement of multiple authentication and authorization with Glee. In addition, I aim to hone my coding skills, such as design patterns, testing methodologies, and best practices, so that my contributions are not only robust but also maintainable. I am eager to immerse myself in the project standards and leverage any available resources to create a top-notch solution that meets the project's requirements.

Q4) We'd love to hear a bit on your work preferences, e.g. how you keep yourself organized, what tools you use, etc?
In terms of work preferences, I keep myself organized by breaking tasks down into smaller, manageable pieces and using project management tools like Trello or Asana to keep track of my progress. I also make sure to communicate regularly with my team members to ensure that we are all on the same page.

Q5) Once you’ve selected a project from the ideas section, please suggest a weekly schedule with clear milestones and deliverables around it. Alternatively, if you want to propose your own idea then please include outline, goals, and a well-defined weekly schedule with clear milestones and deliverables.
Below is a rough weekly schedule, but it can be changed based on feedback and discussion.
Week 1: Conduct research and analysis on existing authentication and authorization systems used in WebSocket servers
Week 2-3: Tweak parameters present in glee.config.js so as to achieve the end result of enabling multiple authentication and authorization process.
Week 4-5: Submit a pull request with the changes in glee.config.js which can be used to achieve the desired result
Week 6-7: Conduct integration testing of the authentication and authorization feature with glee
Week 8-9:

I look forward to working with the mentors and contributing to the success of this project! |
Hello everyone, it's wonderful to see so many of you interested in the project! The proposal period is set to open on March 20th, so there's no need to rush your proposal just yet. Instead, I would recommend taking this time to become more familiar with the project and the AsyncAPI community. Use this period to explore the codebase and get to know the mentors. If you have any questions or ideas, feel free to share them here: asyncapi/glee#377. We're eager to hear from you and welcome your contributions. |
My Tech Stack Includes: C, C++, Python, Java, JavaScript, HTML, CSS, SQL |
Currently Learning NodeJS |
Greetings mentors @AceTheCreator @jansche @Souvikns @KhudaDad414
I look forward to discussing this opportunity further and learning more about how I can contribute to the Postman Open Technologies community. Thank you for your consideration. Best regards, |
Kind reminder to everyone, don't forget to register on the GSoC website and submit your proposal officially. If you want mentors to review your proposals do share them with us at [email protected] and [email protected]. |
Hi there! While reviewing the project description, I understand that we need to implement 4 types of authentication but I am particularly excited to work on TLS authentication and OAuth 2.0 because these will be new for me to implement. I have implemented basic and token-based authentication using javascript. I am eager to work with the team and contribute to this feature. |
Hello everyone,

My name is Akshat jangid, and I am excited to introduce myself to this community. I am a MERN stack developer with 2.5 years of experience. My skills include ReactJS, NodeJS, nextjs, TypeScript, Express and databases like MongoDB. I am very interested in contributing to GSOC 2023 and would love to be a part of this community. I am passionate about programming and enjoy working on projects that challenge me to learn new skills and technologies. Here are my answers to the questions raised in this project.

As a software developer, I find the implementation of secure and reliable authentication and authorization mechanisms to be one of the most interesting aspects of the Glee Project. I have experience in the tech stack which we’ll be using in this project and also with the solution proposed in this. Therefore, I am excited to contribute to this project. Looking forward to working together on an exciting project in the future.

2.) As mentors and project coordinators, how can we get the best out of you?
I believe that clear communication, specific objectives, feedback, and a good working relationship are key to getting the best out of me. I appreciate receiving feedback on my work to help me improve and refine my approach. Positive feedback motivates me to continue doing good work.

3.) Is there anything that you’ll be studying or working on whilst working alongside us?
Yes, I am a 3rd-year student of Bachelor in Technology (Mechatronics Engineering).

4.) We'd love to hear a bit about your work preferences, e.g. how you keep yourself organized, what tools you use, etc?
Work preferences: I will be working on this project for 4 to 5 hours per day, or if there is a need I can extend this time. I can work in different time zones like India, US, or UK. For organizing myself I use a digital calendar to schedule appointments and deadlines, and I set reminders to ensure that I don't miss any important tasks. I also use a task management app to keep track of my to-do lists and prioritize my work. These digital things work for me as a tool in my daily life.

4.) Once you’ve selected a project from the ideas section, please suggest a weekly schedule with clear milestones and deliverables around it. Alternatively, if you want to propose your own idea then please include an outline, goals, and a well-defined weekly schedule with clear milestones and deliverables.
I would propose the following 10-week schedule with clear milestones and deliverables:
Week 1-2:
Week 3-4:
Week 5-6:
-Milestone--> creating pull request and proper documentation.
Week 9-10:

Finally, the goal of this project would be to provide Glee users with a secure and reliable authentication and authorization mechanism for their WebSocket servers, thereby enhancing the overall security and privacy of their communication channels. |
Hi @Souvikns @KhudaDad414

I am Vishesh, a 3rd year computer science student at VIT University, Vellore and I would love to work on this project. I have around a year of experience working with Golang, Rust, NodeJS, MongoDB, Express, GraphQL and creating RESTful APIs. I am highly looking forward to being a potential contributor for this project and organization!

AsyncAPI is a specification that defines a common format for describing asynchronous APIs. It provides a standardized way to define the structure of messages exchanged between services in an asynchronous communication system. When it comes to implementing authentication in AsyncAPI, it is important to consider the security needs of the system and the various authentication frameworks that can be used to meet those needs.

In the case of the glee system, the authentication layer can be implemented using various authentication frameworks such as OAuth2, OpenID Connect, JSON Web Tokens (JWT), Basic Authentication, and more. Each of these frameworks has its own strengths and weaknesses and can be used to meet specific security requirements.

To implement authentication in glee using AsyncAPI, you would typically start by defining the security requirements of the system in the AsyncAPI specification. This can be done by adding a security scheme object to the specification, which defines the type of authentication required and any additional parameters needed to authenticate the user. Here's an example of how the security scheme object can be defined in AsyncAPI.

In this example, we define a security scheme named "bearerAuth" that uses HTTP authentication with a bearer token format (JWT). This means that users must provide a valid JWT token in the Authorization header of their requests to access the protected resources in glee.

Once the security scheme object is defined, it can be used to secure the channels and operations in the AsyncAPI specification. This is done by adding the security property to the channels or operations that require authentication. For example:

In this example, we secure the "notifications" channel and its "subscribe" operation by requiring the "bearerAuth" security scheme. This means that users must provide a valid JWT token to subscribe to notifications.

By using the security scheme object and the security property in the AsyncAPI specification, you can implement authentication in glee and support different authentication frameworks depending on the security requirements of your system. |
AsyncAPI is a powerful tool for designing and documenting APIs that use asynchronous messaging protocols. One area where AsyncAPI has received a lot of attention recently is in its support for websocket adapters with authentication and authorization capabilities. In order to add authentication and authorization support to a websocket adapter using AsyncAPI, there are a few different approaches that can be taken:

Using JSON Web Tokens (JWTs) - one common way to implement authentication and authorization is through the use of JSON Web Tokens (JWTs). With this approach, clients send their credentials (typically a username and password) to the server, which then returns a JWT that is used to authenticate subsequent requests.

OAuth 2.0 - another common approach to authentication and authorization is through the use of OAuth 2.0. In this scenario, clients authenticate themselves by providing an Access Token that they have obtained from an Authorization Server. The server will then validate the token and authorize the client based on the permissions granted to that token.

Custom Authentication/Authorization mechanisms - if neither of the above approaches work for your use case, you may need to implement a custom authentication or authorization mechanism. This approach allows you to define your own middleware that can perform whatever authentication and authorization checks are necessary.

Regardless of which approach you choose, it's important to keep security in mind when designing and implementing authentication and authorization for your websocket adapter. Make sure to properly validate user inputs, sanitize data, and use best practices for securing access tokens and other sensitive information. By following these guidelines, you can help ensure that your websocket adapter is secure and reliable. |
example of jwt based authentication

```js
const jwt = require('jsonwebtoken');
// ...
wss.on('connection', function connection(ws) {
  // ...
});
```
|
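The bearer-token check discussed in the comments above (a JWT presented in the Authorization header when a WebSocket connection is opened), written out as an added example; it is not code from this thread or from Glee. It uses only Node's built-in crypto module, and the function names, secret and tokens are constructed for illustration.

```javascript
// Added example: verify an HS256 bearer JWT taken from a WebSocket upgrade request.
const nodeCrypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, input) =>
  nodeCrypto.createHmac('sha256', secret).update(input).digest();

// Helper used only to build the constructed sample tokens below.
function signToken(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${b64url(hmac(secret, signingInput))}`;
}

// headers: lower-cased header map, as Node's http module exposes it on the
// upgrade request. Returns { ok: true, claims } or { ok: false, reason }.
function authenticateUpgrade(headers, secret, nowSeconds) {
  const auth = headers.authorization || '';
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(auth);
  if (!m) return { ok: false, reason: 'missing_or_malformed_bearer' };
  const [, head, body, sig] = m;

  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'undecodable_token' };
  }
  if (!header || !claims) return { ok: false, reason: 'undecodable_token' };

  // Pin the algorithm on the server; the token must not choose it.
  if (header.alg !== 'HS256') return { ok: false, reason: 'unexpected_alg' };

  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// Constructed sample data (secret, clock and tokens are made up for the demo).
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000;
const goodToken = signToken({ sub: 'user-1', exp: NOW + 300 }, SECRET);
const staleToken = signToken({ sub: 'user-1', exp: NOW - 1 }, SECRET);
const wrongAlgToken = signToken({ sub: 'user-1', exp: NOW + 300 }, SECRET, { alg: 'none' });
const [goodHead, , goodSig] = goodToken.split('.');
const tamperedToken =
  [goodHead, b64url(JSON.stringify({ sub: 'other', exp: NOW + 300 })), goodSig].join('.');

for (const t of [goodToken, staleToken, wrongAlgToken, tamperedToken]) {
  console.log(authenticateUpgrade({ authorization: `Bearer ${t}` }, SECRET, NOW));
}
```

Running the check during the HTTP upgrade, before the socket is accepted, means an unauthenticated client never reaches the message handlers.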
Hey @AceTheCreator |
Yea, it's part of GSOC'23 :) |
Are there any results to share out of this GSOC? |
Closed as completed as part of 2023 edition. |
Small Intro to Glee
Glee is an innovative spec-first framework that empowers developers to build high-performing server-side applications with ease. By allowing users to focus on the business logic of their applications, Glee takes care of the critical aspects of performance, scalability, and resilience, making it an ideal solution for complex production environments. As of now glee supports multiple protocols like websocket, mqtt, kafka and soon HTTP.
Problem Statement
In particular, Glee allows users to create WebSocket servers, which necessitates the implementation of secure and reliable authentication and authorization mechanisms. This ensures that only authorized parties can access and use the WebSocket servers, thereby enhancing the overall security and privacy of the communication channels.
Proposed Solution
By providing users with the tools to develop customized authentication and authorization procedures, Glee would enable them to tailor their servers to their specific needs, ensuring that they meet the highest standards of security and reliability.
We need to support the commonly used methods of authentication that are supported by websocket servers. In general we need to have support for
Mentors:
@Souvikns @KhudaDad414
Project Repo
https://github.com/asyncapi/glee
Expected Difficulty:
Easy-Medium
Expected Time Commitment:
175 Hours
Technical skills required
Typescript, nodejs, websocket, EDA basics