RBAC about memphis HOT 6 OPEN

One question out of curiosity: Will this feature be developed fully from scratch or any plan to integrate pre-build libraries like supertokens etc?

@AmreeshTyagi Probably both industry-standard tools and enhancements of ours

from memphis.

Hi @yanivbh1,

TLDR; we would like to forward authentication requests against ur own backend using HTTPS. The backend should reply if user credentials (eg. a JWT) is valid and a list of permissions for sub/pub.

I smioultaniously had a conversation at the end of this nats-io/nats-server#434 (comment). It actually shows best what other and we were asking for in the last 5 years.

Another good example we are using right now is: https://github.com/rabbitmq/rabbitmq-auth-backend-http

@john-dev Yes, for sure! Basically, equip your users with a JWT token that has enough secure resolution so they would be able to reach Memphis directly to specifically allocated resources.
It's coming. I'll update this thread during the building.

from memphis.

TLDR; enable external authentication & authorization

We tested memphis multiple times and always came down to the fact that we miss this feature.
Something that we have seen being requested multiple times for Nats but has not been taken into consideration yet:
external authentication & authorization

We connect clients (browser + thick app) directly to our current message bus workflow to use the full power of it across our platform which makes it absolutely crucial to enable external authentication (through our platform) and authorization per exchange (we use RabbitMQ).

We use it to distribute requests to all kind of clients, specially to update webinterfaces after changeing prefs, receiving new messages etc.

from memphis.

Hey @john-dev,
Definitely in the making, and I am happy to read that you want to make it work with Memphis.
When you say external authentication & auth, to which provider/method/protocols are you referring?

Regarding connecting clients directly to your message bus - That's fantastic, and we also work on a similar use case with other users. We are heading towards a) allowing dedicated identity and cert to each client. b) to enable data-level context so based on the produced data, you could define which consumers are eligible to connect. c) Layers of authorizations, groups, and policies.

Any more specific capabilities that I didn't list?

from memphis.

One question out of curiosity: Will this feature be developed fully from scratch or any plan to integrate pre-build libraries like supertokens etc?

from memphis.

Hi @yanivbh1,

TLDR; we would like to forward authentication requests against ur own backend using HTTPS.
The backend should reply if user credentials (eg. a JWT) is valid and a list of permissions for sub/pub.

I smioultaniously had a conversation at the end of this nats-io/nats-server#434 (comment).
It actually shows best what other and we were asking for in the last 5 years.

Another good example we are using right now is:
https://github.com/rabbitmq/rabbitmq-auth-backend-http

from memphis.