Server side authorization for EDFS

[xwrs]

trafficstars

Component(s)

router

Is your feature request related to a problem? Please describe.

EDFS is a fantastic approach to rethink subscriptions and mitigate it’s flaws. I am struggling now to implement contextual subscription meaning: subscribe to a certain subset of resources BUT subset is defined by context. namely authorization context of a user. let’s say I am a member of a user group and I subscribe to all changes to documents of my user group. so essentially I have to pass array of my user’s groups as a topic identifying value. two options here: pass my user groups as claim in token but the token can be too large so essentially it is impossible; second option is to pull the context of the user on subscription and basically check if user has access to user groups.

Describe the solution you'd like

not sure. maybe allow to validate user input somehow and check if topic user subscribed to has access to this topic by the authorization rules. maybe some (web) hook which will be triggered by router for each request for subscription and enrich user input with some context

Describe alternatives you've considered

living without EDFS

Additional context

No response

[github-actions[bot]]

WunderGraph commits fully to Open Source and we want to make sure that we can help you as fast as possible. The roadmap is driven by our customers and we have to prioritize issues that are important to them. You can influence the priority by becoming a customer. Please contact us here.

[Aenimus]

HI @xwrs,

Incorporating claims into EDFS is on our roadmap. I believe this is exactly what you're looking for. Please stay tuned.

[xwrs]

the idea I have in mind

I am going to try and add support for this kind of opinionated middlewares to router