How can i implement custom authorization in NATS.io, not through NATS accounts? For example, on a new NATS connection, it contacts a server connected to it, which is marked as an authorization handler. Or implement authorization on another server and somehow associate the token with the nats server?
If I already have a database with accounts and an authorization server, how can I match this with the NATS server?
As of NATS v2.10.0 you can do custom auth using Auth Callout
Auth Callout is an opt-in extension for delegating client authentication and authorization to an application-defined NATS service.
With this you can implement your authentication as a regular NATS service and NATS will call your service to authenticate the user.
There is a go example in the above link and I have made two nodejs examples:
This is just a port of the go example: https://github.com/jonaskello/nats-auth-callout-cli-service
And this shows one approach to doing dynamic authz: https://github.com/jonaskello/nats-chat