cloudfront-auth

Google Groups authorization calls Google API on each request

Open 3sGgpQ8H opened this issue 5 years ago • 1 comments

It seems that Google Groups authorization checks user membership in groups on every HTTP request. This is suboptimal. Should probably check only once before issuing TOKEN cookie. Then, in case TOKEN cookie is still valid, it should assume that user is authorized without checking group membership again.

3sGgpQ8H • Nov 27 '19 20:11

Agreed. This may involve a bit of a larger change. The original concept was that we decouple authentication and authorization such that the user is first authenticated and then authorized. The authorization step was set up such that it should call the callback function with a pass or fail.

This change would require we decouple calling the callback function and the authorization function (which is probably how things should've been set up in the first place).

Suggested changes:

  1. For each authz file, remove callback, internalServerError, and unauthorized parameters and add a boolean return
  2. Adjust the corresponding usage of auth.isAuthorized in the authn files to handle the boolean and end execution with a call to callback, internalServerError, or unauthorized

payton • Nov 29 '19 04:11
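A sketch of the two suggested changes combined with the issue's request to check group membership once, before the TOKEN cookie is issued. It is an added example, not code from cloudfront-auth or from either commenter. Only `isAuthorized`, `callback`, `unauthorized` and `internalServerError` are names from the thread; the token format, `handleRequest`, `req.email`, `req.token` and the in-memory member set are hypothetical stand-ins.

```javascript
// Added sketch, not cloudfront-auth source. Only isAuthorized, callback,
// unauthorized and internalServerError are names from the issue; the rest is hypothetical.
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // constructed value
let groupLookups = 0;                     // counts simulated Google API calls

// authz (change 1): no callback parameters, resolves to a boolean.
async function isAuthorized(email, members) {
  groupLookups += 1;                      // stands in for the Google Groups call
  return members.has(email);
}

// Minimal HMAC-signed token standing in for the TOKEN cookie.
function sign(body) {
  return crypto.createHmac('sha256', SECRET).update(body).digest('hex');
}
function issueToken(email, ttl, now) {
  const body = Buffer.from(JSON.stringify({ email, exp: now + ttl })).toString('base64');
  return `${body}.${sign(body)}`;
}
function verifyToken(token, now) {
  const [body, sig] = String(token).split('.');
  if (!body || !sig) return null;
  const given = Buffer.from(sig, 'hex');
  const expected = Buffer.from(sign(body), 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64').toString());
  return claims.exp > now ? claims : null;
}

// authn (change 2): the only place that calls callback, unauthorized or internalServerError.
async function handleRequest(req, members, now, { callback, unauthorized, internalServerError }) {
  try {
    if (verifyToken(req.token, now)) return callback(null, { pass: true }); // valid TOKEN: no lookup
    if (!req.email) return unauthorized('login required'); // req.email: already-authenticated identity
    if (!(await isAuthorized(req.email, members))) return unauthorized('not in group');
    return callback(null, { pass: true, token: issueToken(req.email, 3600, now) });
  } catch (err) {
    return internalServerError(err);
  }
}
```

With this shape, a user removed from the group keeps access until their token expires, so the token lifetime bounds how stale the authorization decision can be.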