
Restrict topic subscription from OPAL Client and topic events from OPAL Server

Open orweis opened this issue 2 years ago • 0 comments

Started as a discussion in https://github.com/authorizon/opal/discussions/159

Originally posted by jyoussefzadeh October 19, 2021

From the documentation & previous discussions, I understand that a JWT token can be issued to authenticate the OPAL Clients' connection to OPAL Server.
Is it also possible to restrict which OPAL_DATA_TOPICS can be subscribed to from that client?
For instance, if there is a single shared pool of OPAL Servers with hundreds of different OPAL Clients connected to it, we do not want one client to be able to subscribe to & fetch unauthorized information that belongs to another client.
In a similar vein, given some bearer token for calling OPAL Server APIs, is it possible to restrict which topics that token can publish an event to, using the /data/config API?
Also, is it possible to restrict access to different OPAL Server endpoints entirely?

orweis, Oct 19 '21 06:10