Authorization for deployed streamsync apps?

[gaviriar]

I want to learn more about how the sessions component could be used for advanced authorisation and access control for a deployed streamsync app.

I understand that the session object will contain session data, such as headers coming from the browser. This is great, as the browser could forward some user ID or auth token that can be used for data authorization.

Question: What are some proposed methods for the browser (or Vue app) to forward an OAuth token (or some other info) in the headers so that the backend can use them via the session variable?

Use case: Imagine you are in an environment where identity and access management is a MUST for deployed streamsync apps. How do we achieve it? For example, how could we implement OAuth for the streamsync app in the simplest manner using the Auth0 SDK?

[ramedina86]

Thanks for your interest, this can be achieved in a number of ways but they all revolve around using a reverse proxy with a Streamsync app sitting behind.

For example, you can use nginx (needs the Plus version, unfortunately) with the Auth0 module and pass the desired headers:

proxy_set_header username $jwt_claim_sub;

More info here

You can also use cloud services such as Google's Identity Aware Proxy and read its signed headers.

You may have success using cookies, but I haven't explored that yet and I believe the reverse proxy approach is better.

[gaviriar]

Thanks for the answers, I had no idea that NGINX offers this. Its a shame that it's a Plus feature as it limits my ability to prototype. Do you know of any other alternatives?

Would you be opposed to the idea of integrating OAuth authentication in the app itself? Or is that too high an effort for now?

[ramedina86]

Yes there'd be a lot of effort involved in order to support different flows and providers. It may come at some point in the future, but there's nothing planned for now.