Comments (3)
I think that stuff is a great idea. Eventually the backend matcher should be able to be extended (or integrated with your own matcher) that provides this auth, and then it creates the connect token to pass to the yojimbo dedicated server on connect. But I don't plan to add this functionality directly to yojimbo.
from yojimbo.
Can you leave detailed hints on where this functionality can be added? It would be helpful.
I'm tempted to write my own backend just for fun. With Elixir and maybe Phoenix or gRPC.
Take a look at matcher.go. Matcher.go is an example showing how a web backend can create and return a connect token to a client over HTTPS. The client then uses this connect token in secure_client.cpp to establish a secure connection to a yojimbo server (encrypted, authenticated via matcher), and if you are running secure_server.cpp, insecure connections are not allowed; all client connections must come in with connect tokens.
So the basic idea is that you extend matcher.go to create your own backend, or port the code in matcher.go to your own backend, perhaps in some different language, so you can create a connect token and return the matcher HTTPS response that the yojimbo client is expecting. Then, the whole OpenID stuff you would do on that backend, authenticating users, and only allowing OpenID authenticated users to request and receive connect tokens.
This way, the OpenID authentication in your backend is effectively transferred to yojimbo servers when you run them in secure mode (#define YOJIMBO_SECURE_MODE 1), because those servers only allow connections with connect tokens, and only users that have authenticated with OpenID are able to get connect tokens from your backend.
This is how the whole yojimbo thing is supposed to work. The connect tokens are the bridge between whatever auth you implement in your backend and the dedicated servers.
P.S. Before you go into production with this, make sure you roll a new private key for the matcher (or your own backend), and the dedicated server instances. The security of this system relies on the private key being known only to the backend and dedicated server instances.
cheers
- Glenn
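
Added example (not part of the thread, and not code from yojimbo or matcher.go): a Go sketch of the bridge described in the last comment, where the backend issues a token only after its own login check and the dedicated server accepts only tokens made with the shared private key. The HMAC token layout, the expiry field and the names NewPrivateKey, IssueToken and AcceptToken are assumptions of this example, standing in for yojimbo's real connect token format.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// NewPrivateKey rolls a fresh random key; only the backend and the servers hold it.
func NewPrivateKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func tag(key, body []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(body)
	return m.Sum(nil)
}

// IssueToken (backend side, constructed stand-in format): no token without a login.
func IssueToken(key []byte, authenticated bool, clientID uint64, expires time.Time) ([]byte, error) {
	if !authenticated {
		return nil, fmt.Errorf("not authenticated: no connect token issued")
	}
	body := binary.LittleEndian.AppendUint64(nil, clientID)
	body = binary.LittleEndian.AppendUint64(body, uint64(expires.Unix()))
	return append(body, tag(key, body)...), nil
}

// AcceptToken is the server side: it trusts the token only if the shared key made it.
func AcceptToken(key, token []byte, now time.Time) (uint64, error) {
	if len(token) != 16+sha256.Size || !hmac.Equal(token[16:], tag(key, token[:16])) {
		return 0, fmt.Errorf("token rejected: malformed or made with another key")
	}
	if now.Unix() >= int64(binary.LittleEndian.Uint64(token[8:16])) {
		return 0, fmt.Errorf("token expired")
	}
	return binary.LittleEndian.Uint64(token[:8]), nil
}

func main() {
	key, _ := NewPrivateKey()
	tok, _ := IssueToken(key, true, 42, time.Now().Add(time.Minute))
	fmt.Println(AcceptToken(key, tok, time.Now()))
}
```

A server holding a different key rejects every token, which is why a key left at an example value, or leaked outside the backend and server instances, removes the whole guarantee.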