node-jsonrpc2

Support for different types of authorization (Bearer, Cookie etc.)

Open colceagus opened this issue 9 years ago • 8 comments

Hello @pocesar,

We would like to be able to specify different types of authorization, like Bearer Token or Cookie. How can we specify these types of authentication headers in the current implementation?

I would like to see this kind of feature as soon as possible. I am willing to contribute by creating a pull request, if I have your approval to start on the feature.

Awaiting your response!

Kind Regards, Daniel.

colceagus avatar Sep 14 '16 12:09 colceagus

Hello @danielmihai, PRs are welcome! Does JSON-RPC 2.0 have a clear way to do this, or is it a 'roll your own' solution, like the current user/password auth?

pocesar avatar Sep 14 '16 20:09 pocesar

Hi @pocesar

I haven't started working on the pull request yet. I think I'll try doing it on Sunday. I made a pull request code review for #25.

I was thinking of having a simpler approach to setting Authorization.

The first one is by writing and exposing a general 'set' function for the headers, where the user can set their own headers (which can be marked as an improvement/feature).

The second one is by having algorithm-specific functions for setting the authorization headers, as in .basic(username, password) or .jwt(jwttoken). Each one of these approaches does not introduce breaking changes.

The one that includes breaking changes is by passing an authOptions object to the client constructor, in which we specify the auth type (i.e. basic, bearer/jwt, digest etc.) together with each auth method's parameters (i.e. username and password; token etc.)

Consider one of these suggestions, and communicate which one is more appropriate for your development plan, so I can make a first pull request.

Thanks, Daniel :)

colceagus avatar Sep 24 '16 00:09 colceagus
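
The second approach from the comment above (scheme-specific setters such as `.basic(username, password)` and `.jwt(jwttoken)`), sketched as an added example that is not part of the thread or of node-jsonrpc2's code. The class name `AuthHeaders`, the helper `parseAuthorization` and all sample values are hypothetical; the point is that per-scheme setters can validate input before it reaches a header, and the server can dispatch on the scheme.

```javascript
// Hypothetical sketch: AuthHeaders, basic(), jwt() and parseAuthorization()
// are illustrative names, not node-jsonrpc2's API.
const TOKEN68 = /^[A-Za-z0-9\-._~+\/]+=*$/; // RFC 6750 b64token syntax

class AuthHeaders {
  constructor() { this.headers = {}; }

  // Basic: base64("user:pass"). RFC 7617 forbids ':' in the user-id,
  // because the server splits on the first colon.
  basic(username, password) {
    if (username.includes(':')) throw new Error('username must not contain ":"');
    if (/[\x00-\x1f\x7f]/.test(username + password)) throw new Error('control character in credentials');
    const encoded = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
    this.headers.Authorization = `Basic ${encoded}`;
    return this;
  }

  // Bearer: reject anything outside token68 so a token containing CR/LF
  // or spaces cannot add extra header lines to the request.
  jwt(token) {
    if (!TOKEN68.test(token)) throw new Error('invalid bearer token characters');
    this.headers.Authorization = `Bearer ${token}`;
    return this;
  }
}

// Server side: split the header into scheme and credentials and dispatch.
// Returns null for anything malformed so the caller can answer 401.
function parseAuthorization(header) {
  const m = /^([A-Za-z]+) +(\S+)$/.exec(header || '');
  if (!m) return null;
  const scheme = m[1].toLowerCase(); // scheme names are case-insensitive
  if (scheme === 'bearer') {
    return TOKEN68.test(m[2]) ? { scheme, token: m[2] } : null;
  }
  if (scheme === 'basic') {
    if (!TOKEN68.test(m[2])) return null;
    const decoded = Buffer.from(m[2], 'base64').toString('utf8');
    const i = decoded.indexOf(':'); // first colon: passwords may contain ':'
    if (i < 0) return null;
    return { scheme, username: decoded.slice(0, i), password: decoded.slice(i + 1) };
  }
  return null; // unknown scheme
}
```

The parsed credentials or token still have to be verified (password check, JWT signature and expiry) before a JSON-RPC method is dispatched; this sketch only covers building and parsing the header.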

I think the second way is clearer, and it may pave the path to further authorizations with backwards compatibility

pocesar avatar Sep 24 '16 13:09 pocesar

I managed to write the client part. Do you want to submit an early pull request to have a better review in the long term?

colceagus avatar Sep 25 '16 21:09 colceagus

up to you :) I won't mind waiting for the whole thing

pocesar avatar Sep 26 '16 00:09 pocesar

finished writing the server authorization part.

tests and documentation remain.

examples later ... for jwt and cookie we have to integrate a middleware or a standalone server for authorization (i.e keycloak).

sorry for the late reply, I was caught. just made the time to write the server.

colceagus avatar Sep 30 '16 01:09 colceagus

Hi @pocesar

I finished writing the tests. What do I do about the Readme and the Examples?

Write them after reviewing the current code (meaning I will create a pull request right away, after your comment on this one)?

Thanks, Daniel.

colceagus avatar Sep 30 '16 19:09 colceagus

updated readme with usage (by examples).

we should see if other examples should be written in the examples folder.

creating pull request...

colceagus avatar Sep 30 '16 21:09 colceagus