-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Server side authorization for EDFS #774
Labels
Comments
WunderGraph commits fully to Open Source and we want to make sure that we can help you as fast as possible. |
HI @xwrs, Incorporating claims into EDFS is on our roadmap. I believe this is exactly what you're looking for. Please stay tuned. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Component(s)
router
Is your feature request related to a problem? Please describe.
EDFS is a fantastic approach to rethink subscriptions and mitigate it’s flaws. I am struggling now to implement contextual subscription meaning:
subscribe to a certain subset of resources BUT subset is defined by context. namely authorization context of a user. let’s say I am a member of a user group and I subscribe to all changes to documents of my user group.
so essentially I have to pass array of my user’s groups as a topic identifying value. two options here: pass my user groups as claim in token but the token can be too large so essentially it is impossible; second option is to pull the context of the user on subscription and basically check if user has access to user groups.
Describe the solution you'd like
not sure. maybe allow to validate user input somehow and check if topic user subscribed to has access to this topic by the authorization rules.
maybe some (web) hook which will be triggered by router for each request for subscription and enrich user input with some context
Describe alternatives you've considered
living without EDFS
Additional context
No response
The text was updated successfully, but these errors were encountered: