Authorizer and Authenticator RPCs in damon #312
Labels
Comments
|
Hi @boenrobot! Well, you're right: there is an example of running nexus as a daemon with the config. And yes, right now it is not possible to pass a static map of credentials :( Cause thin wrapper just deserializes a config into the same structures that nexus uses under the hood. It probably won't be hard to implement the things you're asking for... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
I am trying to migrate from Crossbar to Nexus, as lately, Crossbar seems to have some connectivity issues (i.e. it seems to randomly not accept connections). Sure, maybe I have a networking infra problem, but having an alternative router will, if nothing else, rule that out.
I am not familiar with Go, so I'd like to avoid having to write a custom router using Nexus as a routing library.
To this end, I see Nexus does offer a daemon that can be configured with a JSON file, which is great... Exactly the type of deal I'm into, and why I had picked Crossbar originally.
However, I don't see any way to define more custom authorization and authentication rules for the daemon, beyond whether anonymous auth is allowed.
Describe the solution you'd like
Analogously to the way Crossbar deals with this...
Provide some way to hard code authentication and authorization settings in the config file, and also define authentication and authorization RPCs. Anything not covered by the hard coded values will be forwarded to the registered RPCs for evaluation, and the router would either forward the message or reject it based on the RPC's result.
In practice, what this would mean is that the authenticator and authorizer clients will have their values hard coded, while everyone else would be handled by the authenticator and authorizer.
As far as I'm personally concerned, exact details of the RPC's payload and return values don't necessarily need to be exactly what Crossbar uses - the rest of my logic is isolated and simple enough. Just as long as there's URI, authid and authrole provided, and some form of yes/no response is accepted, I can easily convert between the formats.
Of course, I'm sure others might appreciate having the exact RPC signature as Crossbar for the sake of a "drop in replacement".
Describe alternatives you've considered
The application I'm working on is a a hybrid PHP and Nodejs application. While there are router implementations for both of these languages, and I could easily try to make a router with those as libs, they both seem to be somewhat abandoned, so that doesn't seem like a nice long term solution. I'm also not entirely sure about their performance characteristics either... Nexus, by virtue of being written in Go, I'd assume will be among the faster / higher RPS implementations... while also not being abandoned.
Additional context
If this feature is already possible with the daemon, I am not seeing how.
The text was updated successfully, but these errors were encountered: