Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for HTTP Authentication Backend #246

Open
carlhoerberg opened this issue Feb 22, 2021 · 11 comments
Open

Support for HTTP Authentication Backend #246

carlhoerberg opened this issue Feb 22, 2021 · 11 comments
Assignees
@kickster97
Labels
enhancement

Comments

@carlhoerberg
Copy link
Member

In combination with Websockets it makes sense to delegate authentication to a http backend.

Can look at https://github.com/rabbitmq/rabbitmq-server/tree/master/deps/rabbitmq_auth_backend_http for inspiration.

Probably integrate caching by default, as every user action, including publishes requires an authentication lookup.
@JadeKharats
Copy link

Is this need still relevant today?
I would like to try to suggest an implementation for you.

@paxinos
Copy link

paxinos commented Nov 8, 2024

It's pretty much mandatory for us... we need an external mechanism to authenticate users.

@kickster97
Copy link
Member

@JadeKharats Hi :) a contribution would be very appreciated, feel free to fork and make a PR if you have something in mind!

@JadeKharats
Copy link

I was thinking of redefining UserStore as an abstract class.
Rename the current UserStore class to FSUserStore or LocalUserStore.
Then create a UserStore as needed (e.g., rabbimq-http-backend for this issue).
Finally, initialize the UserStore type through configuration.

I'll try to do that this weekend, if the solution works for you.

P.S.: I'll also add cache management and a validity period in the config.

@paxinos
Copy link

paxinos commented Nov 8, 2024

speaking as a user, that makes perfect sense to me. I was just getting familiar with the code (and the language). Your timing is perfect for us.

@JadeKharats
Copy link

Hi,

I would like to add in the spec_helper the code for an auth backend server and a with_auth_backend method to launch the server.

Today the spec_helper does not require any other file.

You prefer that I put my code directly in the spec_helper or that I externalize it

@JadeKharats
Copy link

I should add the backend parameters in the config.
I hesitate between the main section and the mgmt section.

@carlhoerberg
Copy link
Member Author

carlhoerberg commented Nov 24, 2024
edited
Loading

I should add the backend parameters in the config.
I hesitate between the main section and the mgmt section.

Main for sure, it applies to all interfaces, mgmt, amqp and mqtt

@carlhoerberg
Copy link
Member Author

Make sure that multiple backends can be used at the same time. You can have some admin user in the built in user store and the rest in the http backend for instance.

@carlhoerberg
Copy link
Member Author

I should add the backend parameters in the config.
I hesitate between the main section and the mgmt section.

Main for sure, it applies to all interfaces, mgmt, amqp and mqtt

Or make a new section called [auth]

@kickster97 kickster97 mentioned this issue Nov 26, 2024
Draft
@kickster97
Copy link
Member

@JadeKharats I opened a draft PR that might cross over what you are doing, feel free to add comments there with any findings/input you have gained while looking at this.

@kickster97 kickster97 self-assigned this Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kickster97 kickster97

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@carlhoerberg @paxinos @JadeKharats @kickster97