Authorization #14
Comments
JSON HAL does not describe the authorization of resources, only the references between them. But I think it's good to have it.
@bryce-anderson Authorization has come up again in #158, and I too need some support for it. I would love to help out but could use some guidance as to how it should be implemented. Some random thoughts/notes here:
So where to start?
Thoughts?
I'm somewhat partial to the 3rd one, since you could mix Authed and Unauthed routes in one service. Unfortunately it wouldn't share much with how HTTP4s does authentication since we have to keep the metadata.
In my mind's eye, it would be super useful to allow whole services to be protected at once, but I also don't think this should be mandatory and am not sure how that information would be surfaced to the action. For the route by route case, I imagine it reasonably easy to be able to make a construct to the tune of

```scala
val authenticate: RoutingEntity[T] => RoutingEntity[Auth::T] = ???
val authedRoute = authenticate(GET / "thesecrets") |>> { auth: Auth => ??? }
```

which I think is essentially your 3rd strategy and a new class of AuthRules. What type of interface did you have in mind? A very vague and potentially confusing/spooky idea is to expand the
I imagined something not too far off from what you're suggesting, might just need to experiment with a couple solutions. As for the change to HListToFunction, I think it would be enough if the 'authenticate' method added a parameter the function takes instead of changing HListToFunction to be auth aware. I personally think the authentication should be route based, mostly so we can get some data into swagger.
Looks like a big change with alternative methods for AuthedRequest all the way. Any workarounds for this? I need to mix AuthedService and RhoService. :(
For #14 AuthedRhoService implementation
It would be nice to support authorizations directly in rho. I'm not sure if HAL would benefit from it, but swagger would.
Prior Art: