You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In web service world it's easy to write a proxy that does url-based rules to enforce authorization in a single place. Eg user joe can only access ws://myservice/r/parent.topic.* or ws://myservice/[rw]+/.topic.
would be great that if nats server could offer a feature for dynamic url-based permissions. Eg a url that nats server receives would define rw access and topic pattern.
I suspect we're unlikely to support such a scheme in the server itself - there are always more to support! - we have created a way to externalize authentication to your own code that could solve this.
Proposed change
In web service world it's easy to write a proxy that does url-based rules to enforce authorization in a single place. Eg user joe can only access ws://myservice/r/parent.topic.* or ws://myservice/[rw]+/.topic.
would be great that if nats server could offer a feature for dynamic url-based permissions. Eg a url that nats server receives would define rw access and topic pattern.
We specced out a similar feature in wsbroad vi/wsbroad#2 (comment)
This would allow defining who can subscribe/write to a topic entirely outside of nats
Use case
Contribution
no
The text was updated successfully, but these errors were encountered: