medusa-ui / medusa

Server-rendered, bi-directional, micro-frontend Java framework built on top of Spring Boot and Thymeleaf
https://getmedusa.io
MIT License

RSocket credentials #311

Open kevindeyne opened 2 years ago

kevindeyne commented 2 years ago

We just use basic auth credentials for RSocket right now:

https://github.com/medusa-ui/medusa/blob/3ede1fbeaa603e7cd1b13c3cd088f9ed59066961/medusa-ui/src/main/resources/static/index.js#L25

https://github.com/medusa-ui/medusa/blob/03836caaae2e4ef3e7e060edbf6734531edf92dd/medusa-ui/src/main/java/io/getmedusa/medusa/core/config/RSocketSecurityConfiguration.java#L32-L36

Which, now that we know RSocket is a good choice for us, should become a proper implementation. Presumably a JWT implementation: https://docs.spring.io/spring-security/reference/reactive/integrations/rsocket.html#rsocket-authentication-jwt

kevindeyne commented 2 years ago

Alternatively, a uniquely generated username/password per session could also work - but we'd have to make it scalable via Redis and it would have to work with Hydra.
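An added example, not part of the issue thread and not Medusa's own code: a sketch of the JWT setup the linked Spring Security documentation describes, combined with a short-lived token minted per session. The class name, the `RSOCKET_JWT_KEY` environment variable, the `tokenFor` helper, the HS256 shared key and the 300-second lifetime are all assumptions made for illustration.

```java
import java.time.Instant;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.rsocket.EnableRSocketSecurity;
import org.springframework.security.config.annotation.rsocket.RSocketSecurity;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;

@Configuration
@EnableRSocketSecurity
public class RSocketJwtSecurityConfiguration { // hypothetical class name

    // Assumption: a base64-encoded 256-bit HMAC key provided to every instance by the deployment.
    private final SecretKey key = new SecretKeySpec(
            Base64.getDecoder().decode(System.getenv("RSOCKET_JWT_KEY")), "HmacSHA256");

    @Bean
    PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
        rsocket.authorizePayload(authorize -> authorize
                        .setup().authenticated()      // no valid token, no connection
                        .anyRequest().authenticated()
                        .anyExchange().permitAll())
                .jwt(Customizer.withDefaults());      // bearer JWT instead of basic auth
        return rsocket.build();
    }

    @Bean
    ReactiveJwtDecoder jwtDecoder() { // checks the signature and the exp claim
        return NimbusReactiveJwtDecoder.withSecretKey(key).macAlgorithm(MacAlgorithm.HS256).build();
    }

    /** Mints a short-lived token bound to one session, e.g. while rendering the page. */
    public String tokenFor(String sessionId) {
        Instant now = Instant.now();
        JwtClaimsSet claims = JwtClaimsSet.builder()
                .subject(sessionId).issuedAt(now).expiresAt(now.plusSeconds(300)).build();
        JwsHeader header = JwsHeader.with(MacAlgorithm.HS256).build();
        return new NimbusJwtEncoder(new ImmutableSecret<>(key))
                .encode(JwtEncoderParameters.from(header, claims)).getTokenValue();
    }
}
```

The client would then send this token as bearer authentication metadata in the RSocket setup frame, in place of the basic credentials.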