Pluggable Authorization for Blaze

Problem

Blaze does not support FHIR's authorization for resource access control.

Every deployment of Blaze may have unique authorization providers and access control protocols.

Proposed Solution

Blaze should be deployed with a jar added to the classpath during launch. The authorization jar will provide a custom middleware for handling authorization. Initialization will be managed by Integrant.

Details

  • The authorization jar must be added to the classpath during launch. For example: java -cp blaze.jar:my-authorization.jar blaze.core
  • The fully qualified namespace must be provided with an environment variable named AUTHORIZATION_NS.
  • If AUTHORIZATION_NS is non-nil and non-empty, try requiring-resolve on the provided path. If that fails, exit with a clear error message without starting Integrant.
    • Consider also checking for the existence of the OPENID_PROVIDER_URL env var, because the identity key on the request will likely be required
  • The provided namespace must extend ig/init-key (and ig/halt-key! where appropriate)
    • ig/init-key should return a middleware (a function that takes the request as its only argument)
    • Consider checking for the existence of the :authorization init-key method using (keys (methods ig/init-key)) after using requiring-resolve on AUTHORIZATION_NS
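
The startup checks listed above, sketched as an added example (not Blaze's own code). The namespace example.authorization-check and the function load-authorization! are hypothetical, and the sketch assumes AUTHORIZATION_NS holds a bare namespace name, so it calls require where the list says requiring-resolve, which only accepts a qualified ns/var symbol.

```clojure
(ns example.authorization-check ; hypothetical namespace, not part of Blaze
  (:require [clojure.string :as str]
            [integrant.core :as ig]))

(defn load-authorization!
  "Validates the AUTHORIZATION_NS value `ns-name` before Integrant starts.
  Returns :disabled when it is nil or blank and :loaded when the namespace
  loads and registers an ig/init-key method for :authorization.
  Throws ex-info in every other case, so a configured but broken
  authorization setup never starts the server unprotected."
  [ns-name]
  (if (str/blank? ns-name)
    :disabled
    (do
      (try
        ;; Assumption: the variable names a namespace, so `require` is used;
        ;; `requiring-resolve` would reject an unqualified symbol.
        (require (symbol ns-name))
        (catch Exception e
          (throw (ex-info (str "Cannot load authorization namespace '" ns-name
                               "' named by AUTHORIZATION_NS. Is its jar on the classpath?")
                          {:authorization-ns ns-name} e))))
      ;; Loading the namespace must have registered the multimethod.
      (when-not (contains? (methods ig/init-key) :authorization)
        (throw (ex-info (str "Namespace '" ns-name "' defines no ig/init-key "
                             "method for :authorization.")
                        {:authorization-ns ns-name})))
      ;; Optional check from the list above: warn only, do not abort.
      (when (str/blank? (System/getenv "OPENID_PROVIDER_URL"))
        (binding [*out* *err*]
          (println "Warning: AUTHORIZATION_NS is set but OPENID_PROVIDER_URL is not.")))
      :loaded)))

(defn -main [& _]
  (try
    (load-authorization! (System/getenv "AUTHORIZATION_NS"))
    (catch clojure.lang.ExceptionInfo e
      (binding [*out* *err*] (println (ex-message e)))
      (System/exit 1)))
  ;; Integrant would be initialised only after this point.
  )
```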

Pros and Cons

Pros

  • Custom authorization implementation for every Blaze deployment
  • Blaze needs to know nothing about configuration for the authorization service
  • Fail fast if authorization namespace cannot be found
  • Leverage existing Integrant+middleware architecture

Cons

  • Configuration of the authorization service (for example, database) will take more effort than a solution integrated directly into Blaze