Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication API KEYS #73

Open
tiero opened this issue Jan 28, 2024 · 2 comments
Open

Authentication API KEYS #73

tiero opened this issue Jan 28, 2024 · 2 comments
Assignees
@altafan

Comments

@tiero
Copy link
Member

tiero commented Jan 28, 2024

We should introduce an authorization layer for the exposed gRPC service so that it can be exposed over the public internet and used as a hot-wallet backend by multiple services, each one with specific account-scoped permissions.

It boils down to the type of DSL we want to introduce to describe the RPC access and limitations (ie. Transfer rpc can have X amount to be spent)
@altafan
Copy link
Collaborator

altafan commented Feb 1, 2024

macaroons auth FTW? Also, we could add to add a proper bakery command to the cli to facilitate the creation of fine grained constraints as the one you mentioned.

@tiero
Copy link
Member Author

tiero commented Feb 1, 2024

Yes, technology-wise I am ok with it, just saying that open to other less complex alternatives. Even a simple auth in database why not. In the end ocean is used as standalone service by an human, not other micro-services (where macaroons instead are built for)

https://fly.io/blog/api-tokens-a-tedious-survey/

My take is that if you really dont want stateful auth (but in Ocean seems perfect), Facebook CAT and Biscuits are simpler

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@altafan altafan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tiero @altafan