Need for fine-grained per-channel authn/authz #306

jstoiko · 2020-01-21T19:21:33Z

The current authn/authz mechanism described with securitySchemes in AsyncAPI 2.0 works at a global level, i.e. it is definable inside the server node. oAuth2 “scopes” allows to provide some authz metadata related to specific channels however 1) it only applies to oAuth2 and 2) it applied to the entire API.

Sometimes, an API may have different channels supporting a different set of permissions. Those permissions are usually reflected in the security scheme being used. Therefor, it would be nice to have the ability to set securitySchemes at the channel level.

The text was updated successfully, but these errors were encountered:

derberg · 2021-10-05T08:54:25Z

@jstoiko have you seen #584 ?

jstoiko added the feature request label Jan 21, 2020

samihus mentioned this issue Feb 19, 2020

How to map security to operations? asyncapi/website#51

Closed

fmvilas added the keep-open Prevents stale bot from closing this issue or PR label Mar 13, 2020

fmvilas added this to the AsyncAPI specification 2.1.0 milestone Mar 13, 2020

fmvilas removed the feature request label Mar 16, 2021

fmvilas removed this from the Next specification version milestone May 12, 2021

github-actions bot added the stale label Oct 5, 2021

asyncapi deleted a comment from github-actions bot Oct 5, 2021

derberg removed the stale label Oct 5, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Need for fine-grained per-channel authn/authz #306

Need for fine-grained per-channel authn/authz #306

jstoiko commented Jan 21, 2020

derberg commented Oct 5, 2021

Need for fine-grained per-channel authn/authz #306

Need for fine-grained per-channel authn/authz #306

Comments

jstoiko commented Jan 21, 2020

derberg commented Oct 5, 2021