Authentication layer for glee, support for different authentication frameworks

[Souvikns]

Currently, as a user when we are using glee to build a WebSocket server the only way of authenticating is by writing your own authentication logic in the functions. Which is repetitive and not a good solution when you have a large application, with the addition of WebSocket and HTTP adapters, glee needs support for authentication and authorization. Right now glee needs some kind of Authentication middleware for both server and client adapters.

Currently, client adapters are able to send authentication parameters with the help of glee config, and this needs to be updated so that it can support multiple authentication and authorization process.

glee/examples/dummy/glee.config.js

Lines 15 to 19 in 16c99b0

	mqtt: {
	authentication: {
	cert: async () => fs.readFileSync('./mosquitto.org.crt')
	}
	}

For starters, we need to support some popular authorization processes-

• Token-based authentication: In this method, the client requests an access token from the server, which can then be used to access protected resources. The token is sent with each websocket request and is used by the server to verify the client's identity and determine their authorization.
• Basic authentication: This method uses the same basic authentication process as the HTTP protocol, where the client sends an HTTP request with a header that contains a username and password. The server verifies the credentials and returns a response with the requested resource if the user is authenticated.
• Certificate-based authentication: In this method, the client and server use digital certificates to establish trust and verify identity. The client presents a certificate to the server, which then verifies the certificate's validity and authenticity.
• Session-based authentication: This method works similarly to session-based authentication in the HTTP protocol, where the server creates a session for the user and associates it with an identifier. The client then sends the identifier with each websocket request, allowing the server to identify the user and determine their authorization.
• OAuth 2.0 authentication: OAuth 2.0 is an open standard for authorization that provides secure access to resources by delegating access to third-party applications. The client requests access to a resource from the server, and the server returns an authorization code, which the client can then use to obtain an access token.

[Souvikns]

Just putting a thought out there, since glee is using middlewares we could use https://www.npmjs.com/package/passport to implement authentication.

[octonawish-akcodes]

I am interested in this under gsoc 2023, can you guide me to get started with this issue.

[oviecodes]

@Souvikns @fmvilas @KhudaDad414 I would love to give this a try

[Infamia2334]

@Souvikns @AceTheCreator This sounds like an exciting issue to work on, however I think we should also explore other ways of adding authentication rather than using passport.js. Maybe even writing one of our own. Here are a few points I want to share:

• The documentation for passport.js is not exactly clear on how things work under the hood. It is like a black box, one has to play around to understand its functionalities.
• At the end, it is just the same work as writing your own authentication middleware. One still has to write their own configuration and callback even with passport.js.
• Counterpoint: On the other hand it supports multiple authentication strategies like OAuth/OAuth2 with minimal amount of code - we don't need it absolutely but in this use case it might help to develop the auth layer much quicker.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity 😴

It will be closed in 120 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation.

There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under open governance model.

Let us figure out together how to push this issue forward. Connect with us through one of many communication channels we established here.

Thank you for your patience ❤️