You can enable caller details. E.g. Crossbar.io supports that. What you get is (currently) the WAMP session ID of the caller that originates the call. And using the WAMP meta API of Crossbar.io, you can retrieve all session details, including authid and authrole. This isn't set in stone ... we might also directly provide the authid/authrole in the call details ... saving an additional call. Thing is: there is a tradeoff, sending info directly with each and every call vs letting user code retrieve additional info on demand.
Once a client is authenticated, I need to check if he has the permission to make a specific action. For example, if it requests to modify some data belonging to a user, I need to check that it is indeed this user, with authid matching its username.
How can I do that?
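The check discussed in this thread, as an added example that is not part of the original messages or of the Autobahn/Crossbar.io code base: the handler takes the caller's WAMP session ID from the call details, resolves it to authid/authrole through the meta API, and fails closed on every error path. Assumptions: the meta procedure is `wamp.session.get`, `call` has the shape of an Autobahn session's `call(procedure, *args)`, and `caller_identity`, `require_owner`, `fake_call` and `SESSIONS` are hypothetical names with constructed data so the block runs offline.

```python
import asyncio

class PermissionDenied(Exception):
    """Raised when the caller may not act on the requested user's data."""

async def caller_identity(call, caller_session_id):
    """Resolve a caller's WAMP session ID to (authid, authrole).

    caller_session_id is what the call details carry once caller
    disclosure is enabled; it is None when the router did not disclose it.
    """
    if caller_session_id is None:
        # No disclosed caller: never fall back to an identity the client sent.
        raise PermissionDenied("caller not disclosed")
    try:
        info = await call("wamp.session.get", caller_session_id)
    except Exception as exc:
        # Session already closed, or this component may not use the meta API.
        raise PermissionDenied("session lookup failed") from exc
    if not info or not info.get("authid"):
        raise PermissionDenied("session has no authid")
    return info["authid"], info.get("authrole")

async def require_owner(call, caller_session_id, owner):
    """Allow the action only if the router-reported authid equals `owner`.

    `owner` is the username the target data belongs to, looked up server-side.
    """
    authid, _authrole = await caller_identity(call, caller_session_id)
    if authid != owner:
        raise PermissionDenied(f"{authid!r} may not modify data of {owner!r}")
    return authid

# Constructed stand-in for the router's session table (not real Crossbar.io output).
SESSIONS = {
    1001: {"session": 1001, "authid": "alice", "authrole": "user"},
    1002: {"session": 1002, "authid": "bob", "authrole": "user"},
}

async def fake_call(procedure, session_id):
    assert procedure == "wamp.session.get"
    return SESSIONS[session_id]  # KeyError stands in for "no such session"

def check(caller_session_id, owner):
    """Synchronous wrapper for the demo: True if allowed, False if denied."""
    try:
        asyncio.run(require_owner(fake_call, caller_session_id, owner))
        return True
    except PermissionDenied:
        return False
```

In a real component, `call` would be the session's own `call` method, and the component's role needs permission to call the meta procedure.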