key-based authentication for WebSockets

TIBCOSoftware / mashling

Project Mashling

86 stars 15 forks source link

key-based authentication for WebSockets #204

Open cchristodulis opened 6 years ago

cchristodulis commented 6 years ago

As an API Provider, I would like to implement key-based security so that I can authenticate incoming requests to open a new WebSockets connection

rameshpolishetti commented 6 years ago

PR #223 address this issue by leverages existing gateway security features (basic auth & ldap) to authenticate incoming requests to open a new websocket connection.

Example: https://github.com/TIBCOSoftware/mashling-recipes/tree/master/recipes/proxy-websocket#3-secure-websocket-proxy-gateway-with-basic-authentication

@Beerinder - let me know whether the provided solution is sufficient for this ticket @jpark800 - adding you for review this ticket

jpark800 commented 6 years ago

Basic auth and key based auth are not interchangeable. I suggest adding a key based auth example with a file-based api key store with an interface based design so that other types of the api key stores can be substituted for.

jpark800 commented 6 years ago

Moving to the backlog due to the dependecy on apikey based authentication feature to be available in the future release.