How to use authorization via JWT for KV Buckets #4639
-
|
I understand that KV buckets are mapped to streams itself, and the keys are accessed as subjects, but I am curious how to map key store access on read or write with the JWT claims. I couldn't find this in the documentation. Any help would be appreciated, thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
I don't know what the right answer is here, but I'm doing something like the following in/for one application/use-case (user Pub: Sub: This allows me to use a custom/per-user ( The permissions were collected by not granting permissions, turning on tracing, tailing logs + testing, and iteratively adding permissions until things worked. I don't think that I added in more than I needed, but it's possible. You might need slightly different permissions depending on what the user needs to do with the KV. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @jjthiessen, thanks for this, this is super helpful. I was hoping for a better and a more direct mechanism around this, and avoid doing this iterative approach in finding out the subjects. I guess the jetstream KV documentation needs to talk about this, or make it more explicit. |
Beta Was this translation helpful? Give feedback.
I don't know what the right answer is here, but I'm doing something like the following in/for one application/use-case (user
foo; bucketbar):Pub:
Sub:
This allows me to use a custom/per-user (
foo) inbox, and restricts access otherwise/as best I think I can?The permissions were collected by not granting permissions, turning on tracing, tailing logs + testing, and iteratively adding permissions until things worked. I don't think that I added in more than I needed, but it's possible. You might need slightly different permissions depending on what the user n…