-
-
Notifications
You must be signed in to change notification settings - Fork 273
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need for fine-grained per-channel authn/authz #306
Comments
this isn't anymore possible to implement security at channel level in the asyncapi spec version 3 ? |
@devthejo it was also not possible on channel level prior v3 v2 and v3 are not different in that aspect, security is either on server level or fine grained on operation level. I will close this issue as it is super old, before we added security on operation level. Also @jstoiko is no longer active in community for over 3 years. @devthejo if in your opinion security is not enough to be fine grained on operation level, please open a separate issue with detailed explanation for the use case and explanation why current functionality is not good enough for your use case |
The current authn/authz mechanism described with
securitySchemes
in AsyncAPI 2.0 works at a global level, i.e. it is definable inside theserver
node. oAuth2 “scopes” allows to provide some authz metadata related to specific channels however 1) it only applies to oAuth2 and 2) it applied to the entire API.Sometimes, an API may have different channels supporting a different set of permissions. Those permissions are usually reflected in the security scheme being used. Therefor, it would be nice to have the ability to set securitySchemes at the channel level.
The text was updated successfully, but these errors were encountered: