Dynamic authorization

[haizaar]

Good day,

I'm using WAMP for our project where dynamic authorization is a must. They way crossbar.io implements it is very good.

Are there any plans to implement it in Wiola? (I'm very interested in Wiola because so far it's the only WAMP router that scales out)

[KSDaemon]

Hi! Well, dynamic auth is supported. There are such callbacks in wiola configuration, so you can implement your own business logic Again, i’m on vacation with very poor internet connection, so cannot point you to where and how. I’ll be back in 2 weeks. Всего наилучшего! Константин Буркалев

…

30 авг. 2018 г., в 11:48, Zaar Hai ***@***.***> написал(а): Good day, I'm using WAMP for our project where dynamic authorization is a must. They way crossbar.io implements it is very good. Are there any plans to implement it in Wiola? (I'm very interested in Wiola because so far it's the only WAMP router that scales out) — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[haizaar]

Hi there,

Thanks for answering while on vacation (and I'll not expect an answer on this one any soon either :)

From what I have searched in wiola configs (and a bit of code) only authentication is supported (i.e. identification of a use during session establishment) and not authorization (i.e. verifying permissions for each of the publish/subscribe/register/call operations later on).

Do you indeed mean to say that authorization is supported as well?

Thanks,
Zaar

[KSDaemon]

Hi @haizaar again! :)
Well, answer for your question is 'yes' and 'no' :)
I'll try to explain:
authorization as you mean is not supported.
But you can use combination of authorization (setting up auth id and roles) and trust levels (e.g. Dymanic configuration) for setting trust level for calls and publishing

[haizaar]

Let me elaborate my scenario to make sure we are on the same page: In my system everything is dynamic - there are two types of WAMP clients - "users" and "devices". We dynamically assign relations of what APIs on which devices each user can call. In my POC with crossbar I simply implemented an external authenticator that looks ups the rules in the external database and makes decisions.
That is, we have only two roles - for devices and users, and authorizer decides the rest.

Is it possible to support such scenario with Wiola?

[KSDaemon]

Sorry for late answer. No, unfortunately right now this is not supported.
May be later... I'll mark it as new feature.