http bridge authentication/authorization

#1

The http bridge is a good feature to use. (http://crossbar.io/docs/HTTP-Bridge/)

Currently, I register a callback to dynamically authenticate and authorize wamp connections by registering the two authenticator and authorizer callbacks.

How will the dynamic authentication/authorization work for http bridge? (the ticket method is preferred)

Do you have a sample config.json and sample code? What is required for a http post request to do to be authenticated/authorized?

Thanks

Regards,

Jun

0 Likes

#2

Does anybody have idea if crossbar supports the http bridge authentication? Thanks.

···

On Tuesday, April 5, 2016 at 2:08:35 PM UTC-7, Jun wrote:

The http bridge is a good feature to use. (http://crossbar.io/docs/HTTP-Bridge/)

Currently, I register a callback to dynamically authenticate and authorize wamp connections by registering the two authenticator and authorizer callbacks.

How will the dynamic authentication/authorization work for http bridge? (the ticket method is preferred)

Do you have a sample config.json and sample code? What is required for a http post request to do to be authenticated/authorized?

Thanks

Regards,

Jun

0 Likes

#3

Hi,

there are currently 3 things you can do to secure access to the bridge:

You can require TLS: require_tls

You can restrict source IPs: require_ip

Eg see: http://crossbar.io/docs/HTTP-Bridge-Publisher

And you can demand requests to be signed:

http://crossbar.io/docs/HTTP-Bridge-Publisher/#signed-requests

The signature is computed from a pre-shared secret.

Cheers,
/Tobias

···

Am 11.04.2016 um 22:53 schrieb Jun:

Does anybody have idea if crossbar supports the http bridge
authentication? Thanks.

On Tuesday, April 5, 2016 at 2:08:35 PM UTC-7, Jun wrote:

    The http bridge is a good feature to use.
      (http://crossbar.io/docs/HTTP-Bridge/
    <http://crossbar.io/docs/HTTP-Bridge/>)

    Currently, I register a callback to dynamically authenticate and
    authorize wamp connections by registering the two authenticator and
    authorizer callbacks.

    How will the dynamic authentication/authorization work for http
    bridge? (the ticket method is preferred)

    Do you have a sample config.json and sample code? What is required
    for a http post request to do to be authenticated/authorized?

    Thanks

    Regards,
    Jun

--
You received this message because you are subscribed to the Google
Groups "Crossbar" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to crossbario+...@googlegroups.com
<mailto:crossbario+...@googlegroups.com>.
To post to this group, send email to cross...@googlegroups.com
<mailto:cross...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/crossbario/e458e115-8df3-4c83-b5fb-03f659b817f2%40googlegroups.com
<https://groups.google.com/d/msgid/crossbario/e458e115-8df3-4c83-b5fb-03f659b817f2%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.

0 Likes

#4

Hello, Tobias:

Thank you for your reply. I have a few follow-up questions:

Regarding http://crossbar.io/docs/HTTP-Bridge-Publisher/#signed-requests

  1. How the client should construct the http request with the secrete? for example, should the secrete be put in header, or body?

  2. Different client has different secrete. And how does crossbar programmatically verify requests from different clients? If a registered callback will be called by crossbar to do the authentication, what info will crossbar pass over to the registered callback?

Another question: Does crossbar supports access token (for authorization purpose) for http bridge

If the http request from client contains access tokens, where should the client put the token in the http post requests? And how does crossbar pass over the access token to either registered authorization callback or a subscriber?

Thanks

Regards,

Jun

···

On Tuesday, April 5, 2016 at 2:08:35 PM UTC-7, Jun wrote:

The http bridge is a good feature to use. (http://crossbar.io/docs/HTTP-Bridge/)

Currently, I register a callback to dynamically authenticate and authorize wamp connections by registering the two authenticator and authorizer callbacks.

How will the dynamic authentication/authorization work for http bridge? (the ticket method is preferred)

Do you have a sample config.json and sample code? What is required for a http post request to do to be authenticated/authorized?

Thanks

Regards,

Jun

0 Likes

#5

Hello, Tobias and everyone:

Can you please help me with the following questions? Thanks

Regarding http://crossbar.io/docs/HTTP-Bridge-Publisher/#signed-requests

  1. How the client should construct the http request with the secrete? for example, should the secrete be put in header, or body?

  2. Different client has different secrete. And how does crossbar programmatically verify requests from different clients? If a registered callback will be called by crossbar to do the authentication, what info will crossbar pass over to the registered callback?

Another question: Does crossbar supports access token (for authorization purpose) for http bridge

If the http request from client contains access tokens, where should the client put the token in the http post requests? And how does crossbar pass over the access token to either registered authorization callback or a subscriber?

Thanks

Regards,

Jun

···

On Tuesday, April 5, 2016 at 2:08:35 PM UTC-7, Jun wrote:

The http bridge is a good feature to use. (http://crossbar.io/docs/HTTP-Bridge/)

Currently, I register a callback to dynamically authenticate and authorize wamp connections by registering the two authenticator and authorizer callbacks.

How will the dynamic authentication/authorization work for http bridge? (the ticket method is preferred)

Do you have a sample config.json and sample code? What is required for a http post request to do to be authenticated/authorized?

Thanks

Regards,

Jun

0 Likes