Authentication and Authorization

Authentication

Authentication establishes who is making a request, before the application decides what that caller is allowed to do. The Helix framework supports several authentication methods; each is described below with its configuration, the check the application performs, and its trade-offs.

1. Authentication using a “secret” parameter

In this method a single shared “secret” (a string) is configured on the server, and a request is treated as authenticated if it presents the same value. The secret identifies the holder of the value, not any particular user.

  • Example:
          // Code snippet from https://github.com/helixml/demo-recipes/blob/main/server/app.js
          const config = {
              'auth': {
                  // placeholder: load the real value from the environment or a
                  // secret store rather than committing it to source control
                  'secret': 'your_secret_key'
              }
          };

The application compares the secret presented with the request against the configured value and grants access on a match. Two practical points: do the comparison in constant time (a plain string equality returns as soon as one character differs, so response time leaks how long a correct prefix the caller supplied), and accept the secret from a header rather than a query parameter so it is not written to access logs, proxy caches and browser history.

  • Advantages:

    • Simple to implement
    • Minimal configuration
  • Disadvantages:

    • Insecure for production environments: one value grants full access to everyone who holds it, there is no expiry, and the only way to revoke it is to rotate the secret for every client at once
    • Cannot be easily used for multiple users: all callers are indistinguishable, so there is no identity for the authorization layer to act on

2. Authentication using a “token” parameter

This method authenticates each request with a token, typically issued to the user by a separate service (a login or identity service) after the user has proven their identity there, and presented with every subsequent request.

  • Example:
          // Code snippet from https://github.com/helixml/demo-recipes/blob/main/server/app.js
          const config = {
              'auth': {
                  // placeholder: the value the application uses to validate
                  // presented tokens; protect it like any other secret
                  'token': 'your_token_key'
              }
          };

The application validates each presented token using the configured token key and grants access on success. How much this buys over a plain secret depends on what the token is: if the application verifies tokens that the issuing service signed (the configured value then being the verification key), each token can carry its own user, role and expiry; if the configured value is simply a static string compared against the request, the method is a shared secret under another name and has the same limitations.

  • Advantages:

    • More secure than using a “secret”: tokens can be issued per user or per session and carry an expiry, so a leaked token is bounded in time and can be revoked without affecting other users
    • Allows for more granular access control: a token can carry, or be mapped to, the user's identity and role, which is what the authorization layer needs
  • Disadvantages:

    • Requires additional services for token management (issuance, rotation, revocation), and the verification key must be protected as carefully as a secret

3. Authentication using a “basic” authentication scheme

The “basic” scheme (HTTP Basic authentication) sends the username and password, joined by a colon and base64-encoded, in the “Authorization” header of every request. Base64 is an encoding, not encryption: anyone who can read the request can read the password.

  • Example:
          // Code snippet from https://github.com/helixml/demo-recipes/blob/main/server/app.js
          const config = {
              'auth': {
                  'basic': {
                      'username': 'your_username',
                      // placeholder: store a salted password hash rather than
                      // the plaintext password in a real deployment
                      'password': 'your_password'
                  }
              }
          };
          

The application decodes the header and compares the username and password it contains with the configured values. Prefer comparing the password against a stored salted hash rather than a plaintext value, so a leaked configuration does not leak the password itself.

  • Advantages:

    • Widely supported by browsers, HTTP clients and proxies
    • Simple to implement
  • Disadvantages:

    • Insecure over unencrypted channels: the password is readable on the wire (base64 is reversible) and is re-sent with every request, so the scheme must only be used over TLS
    • Not recommended for production environments: there is no session, expiry or logout, and the server must hold a verifier for a long-lived password

Authorization

Authorization controls the level of access granted to authenticated users. The Helix framework uses roles to implement authorization.

  • Example:
          // Code snippet from https://github.com/helixml/demo-recipes/blob/main/server/app.js
          const config = {
              'auth': {
                  'roles': {
                      'admin': {
                          'permissions': ['read', 'write', 'delete']
                      },
                      'user': {
                          'permissions': ['read']
                      }
                  }
              }
          };
          

The application checks whether the authenticated user's role carries the permission a resource requires before serving it. The check must run server-side on every protected route, and it should default to deny: an unknown role, a role with no permission list, or a permission that is not in the list all refuse the request rather than falling through. Hiding a button in the user interface is not an authorization check.

  • Advantages:

    • Flexible, fine-grained control over what each role may do, without per-user rules
    • Permissions are data, so they can be reviewed and audited separately from code
  • Disadvantages:

    • Can be complex to implement for large applications: the role table and the route-to-permission mapping grow, and a route that forgets its check is the typical failure
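The role check described above, as an added example that is not code from helixml/demo-recipes or the Helix framework, using the same role configuration as the page's snippet. The mapping from HTTP method to permission, the shape of the `user` object produced by the authentication step, and the function names are assumptions for this example; the point it shows is default deny for unknown roles and methods, and the 401 versus 403 distinction.

```javascript
// Added example (not code from helixml/demo-recipes): enforcing the role and
// permission table. The method-to-permission mapping and the `user` object's
// shape (as set by the authentication step) are assumptions for this example.

// Same role configuration as the page's snippet.
const config = {
  auth: {
    roles: {
      admin: { permissions: ['read', 'write', 'delete'] },
      user: { permissions: ['read'] },
    },
  },
};

// Which permission each HTTP method needs. Anything not listed is refused
// rather than mapped to a guess.
const methodPermission = {
  GET: 'read', HEAD: 'read',
  POST: 'write', PUT: 'write', PATCH: 'write',
  DELETE: 'delete',
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Default deny: an unknown role, a role without a permissions list, or a
// permission not in the list all return false. hasOwn keeps inherited names
// such as "constructor" or "__proto__" from resolving to a role.
function hasPermission(cfg, role, permission) {
  const roles = cfg.auth.roles;
  if (typeof role !== 'string' || !hasOwn(roles, role)) return false;
  const perms = roles[role].permissions;
  return Array.isArray(perms) && perms.includes(permission);
}

// Per-request check, meant to run server-side on every protected route. It
// distinguishes "not authenticated" (401) from "authenticated but not
// allowed" (403), and refuses methods it has no rule for (405).
function authorize(cfg, user, method) {
  const needed = hasOwn(methodPermission, method) ? methodPermission[method] : undefined;
  if (!needed) return { ok: false, status: 405 };
  if (!user) return { ok: false, status: 401 };
  if (!hasPermission(cfg, user.role, needed)) return { ok: false, status: 403 };
  return { ok: true, permission: needed };
}

// Which methods a role may use; handy for auditing the role table.
function allowedMethods(cfg, role) {
  return Object.keys(methodPermission).filter((m) => hasPermission(cfg, role, methodPermission[m]));
}
```

Because the check keys on `user.role`, it only means something if the authentication step set that field from a value the caller could not choose (a verified token claim or a server-side user record), not from a request parameter.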

Conclusion

Authentication and authorization are essential for securing applications: the first establishes who is calling, the second decides what that caller may do, and neither substitutes for the other. Choose the authentication method based on the needs of your application, keeping in mind that the “secret” and “basic” methods are not suited to production. Whichever you pick, keep secrets and keys out of source control, require TLS, compare credentials in constant time, and enforce role-based checks server-side on every protected route with deny as the default.