authorizationnats.io

Can i implement custom authorization in NATS.io?


How can i implement custom authorization in NATS.io, not through NATS accounts? For example, on a new NATS connection, it contacts a server connected to it, which is marked as an authorization handler. Or implement authorization on another server and somehow associate the token with the nats server?

If I already have a database with accounts and an authorization server, how can I match this with the NATS server?


Solution

  • As of NATS v2.10.0 you can do custom auth using Auth Callout

    Auth Callout is an opt-in extension for delegating client authentication and authorization to an application-defined NATS service.

    With this you can implement your authentication as a regular NATS service and NATS will call your service to authenticate the user.

    There is a go example in the above link and I have made two nodejs examples:

    This is just a port of the go example: https://github.com/jonaskello/nats-auth-callout-cli-service

    And this shows one approach to doing dynamic authz: https://github.com/jonaskello/nats-chat