How to implement authentication and authorization? #244
Looking at wtransport, I couldn't find any examples for implementing authn or authz. How and where would you recommend implementing these?
wtransport is a transport protocol (like WebSocket) and doesn’t directly handle authentication (authn) or authorization (authz). These should be implemented in the application layer.

wtransport works over HTTP/3, built on QUIC, which uses TLS 1.3 for encryption and server authentication. If you need client certificate-based auth (e.g., mTLS), you can configure this via ServerConfigBuilder::with_custom_tls. However, this is for transport-level security and not application-level authn/authz.

For authn, you can use protocols like JSON Web Tokens (JWT) by passing a token in the HTTP/3 handshake headers or in the first message of the session. OAuth 2.0 or OpenID Connect can also be used to authenticate users and associate tokens with sessions. If you prefer a custom solution, you could exchange credentials or tokens as part of the initial WebTransport messages and handle validation at the application level. For access control, you can implement role-based or policy-based mechanisms to restrict resources as needed.
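
An added example (not from the original discussion and not wtransport's own code) of the application-level check the reply describes: a bearer token from the handshake headers is resolved to a principal, and a role-based policy decides whether the session is accepted. It uses only the Rust standard library; the token store, session paths, role names and the lowercase authorization header key are assumptions, and the header map stands in for the headers your server reads from the incoming session request.

```rust
use std::collections::HashMap;

#[derive(Clone, Copy, PartialEq)]
enum Role { Viewer, Publisher }
struct Principal { user: &'static str, roles: &'static [Role] }

#[derive(Debug, PartialEq)]
enum Decision { Accept(&'static str), Unauthenticated, Forbidden }

// Constructed sample token store (assumption); in practice use your IdP or session DB.
const STORE: &[(&str, Principal)] = &[
    ("tok-alice", Principal { user: "alice", roles: &[Role::Viewer, Role::Publisher] }),
    ("tok-bob", Principal { user: "bob", roles: &[Role::Viewer] }),
];

// Compare without stopping at the first differing byte (token length is not secret).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

// Authn: resolve the bearer token from the handshake headers to a principal.
fn authenticate(headers: &HashMap<String, String>) -> Option<&'static Principal> {
    let token = headers.get("authorization")?.strip_prefix("Bearer ")?;
    STORE.iter().find(|(t, _)| ct_eq(t.as_bytes(), token.as_bytes())).map(|(_, p)| p)
}

// Authz: role required per session path (hypothetical paths); unknown paths are denied.
fn required_role(path: &str) -> Option<Role> {
    match path { "/watch" => Some(Role::Viewer), "/publish" => Some(Role::Publisher), _ => None }
}

// Decide before accepting the session, so an unauthorized peer never gets a stream.
fn decide(path: &str, headers: &HashMap<String, String>) -> Decision {
    match (authenticate(headers), required_role(path)) {
        (None, _) => Decision::Unauthenticated,
        (Some(p), Some(role)) if p.roles.contains(&role) => Decision::Accept(p.user),
        _ => Decision::Forbidden,
    }
}

// Demo helper: a handshake header map carrying a bearer token.
fn bearer(token: &str) -> HashMap<String, String> {
    HashMap::from([("authorization".to_string(), format!("Bearer {token}"))])
}

fn main() {
    for (path, tok) in [("/publish", "tok-alice"), ("/publish", "tok-bob"), ("/watch", "nope")] {
        println!("{path} {tok} -> {:?}", decide(path, &bearer(tok)));
    }
}
```

The same decide function applies when the token arrives in the first message of the session instead of the headers: read the token, build the map (or call the lookup directly), and close the session on anything other than Accept.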