-
-
Notifications
You must be signed in to change notification settings - Fork 585
New issue
Have a question about this project?Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of serviceand privacy statement.We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] Templating for HTTP proxy endpoints (URLs) to integrate with permission proxies #483
Comments
@sash2222hi! So do I understand right that you want to dynamically construct HTTP endpoints based on proxy request context. For example, sth like this: {
...
"proxy_subscribe_endpoint":"https://localhost:3000/channel/{{.Channel }}"
} So Centrifugo will execute the endpoint template with some parameters available to substitute (current channel, current user ID) before sending a request. Or the idea is different? |
Hey! Yes, you understood correctly, this scenario suits us. |
FZambia
changed the title
Subscribe to channels across paths
[feature] Templating for HTTP proxy endpoints (URLs) to integrate with permission proxies
Oct 8, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Wow, I'll try to explain:).
The question is about our security model.
We use a proxy serverhttps:// ory.sh/oathkeeper/and our entire security model is tied to it.
It checks HTTP requests for its policy by contacting the authenticator and authorizer if required. Its rules are triggered based on the path (\ bot \ botID), it takes the user's session from the cookie and the botID from the path and checks and verifies the tuple of relations. It can also act as an external authorizer too.
But the problem is that it cannot work with request parameters or the message body.
What if you subscribe to channels via paths rather than request parameters? Or execute requests to a proxy using a pattern, make this process manageable?
Yes, there will be a minus when you need to subscribe to several channels at once (you will have to make several requests), but can you subscribe with an asterisk?
Describe the solution you'd like.
What if you subscribe to channels via paths rather than request parameters? Or execute requests to a proxy using a pattern, make this process manageable?
Yes, there will be a minus when you need to subscribe to several channels at once (you will have to make several requests), but can you subscribe with an asterisk?
...
The text was updated successfully, but these errors were encountered: