Xabaril / Balea

Balea is an authorization framework for ASP.NET Core developers.
Apache License 2.0

Package segregation #48

Open flespi opened 1 year ago

flespi commented 1 year ago

This segregation of packages makes it easier to integrate Core functionality using technologies other than AspNet.

unaizorrilla commented 1 year ago

Can you explain a use case for this with more details?

flespi commented 1 year ago

The idea behind this improvement is to reduce coupling with web dependencies, to keep core capabilities and abstractions implementation-agnostic.

Think about the ClaimsPrincipal class (or the System.Security.Claims assembly). There are not many cases where you need to use it outside the context of an ASP.NET application. However, it was designed to have low coupling with web implementations.

Many packages adopt the practice of separating ASP.NET interoperability from the core. Finbuckle is a good example of that. They created these well-defined scopes:

Some time ago, I was using Finbuckle and had to get the tenant info within the scope of a MassTransit event. It was as easy as defining and injecting a new provider.

Also (and this might be the most important point), this ensures that store packages interact only with the abstractions that make sense to them, and avoids inappropriate interactions with the ASP.NET context.

In addition, think that you want to get authorization information from the application layer. Nowadays, a reference to Balea implies knowing all the dependencies and assemblies related to ASP.NET because it contains a framework reference.

<ItemGroup>
    <FrameworkReference Include="Microsoft.AspNetCore.App" />
    ...
</ItemGroup>

flespi commented 1 year ago

In my opinion, the only thing that Balea lacks to be considered the definitive solution for authorization is to facilitate the management of definitions (permissions, roles, etc).

It can be achieved by defining pluggable dependencies (similar to the UserManager / UserStore abstractions of Microsoft.AspNetCore.Identity), which allow CRUD operations on Balea entities.

The stores that exist today are more like grantors.

This enhancement could be a small first step towards that goal.

I have made some progress on this idea, although at the moment it is just a draft. You can find it in the branch stores.

[Images: "How it is" (before) and "How it can be" (after)]