Security can be added to a data source by wrapping it with an Auth Source before publishing the source over the network.
On the client, the same sort of auth source can be used to optimistically predict authentication failures, or to enforce permissions on client data.
The first goal is authentication, to identify the user. A protected source can be created with several authentication providers. So far, we have built the following:
You can create your own authentication mechanisms (or help us implement missing ones like password and OAuth) by creating a custom Auth Provider.
Once a user is authenticated, you can apply permissions to grant or limit access. By default, no access is granted to docs, other than the docs owned by a user.
Protected Source API
The API of a Protected Source is nearly identical to that of a Source. All actions can be passed with an 'auth' object alongside. Without correct authentication, the Protected Source will block most or all of the Source actions. Additional actions are provided to authenticate and set doc permissions.
Subscription is also augmented to support authentication. When subscribing, the auth source requires an additional third auth argument. The permissions will be checked to ensure that a client can only subscribe to docs they are allowed to read.
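A minimal sketch of the wrapper pattern described above, added here as an illustration and not the project's own code. The names `createProtectedSource` and `verifyAuth`, the action types `PutDoc`, `GetDoc` and `GrantRead`, the synchronous calls, and the rule that the first writer of a doc becomes its owner are all assumptions.

```javascript
// Hypothetical sketch: none of these names are the project's real API.
function createMemorySource() {
  const docs = new Map(), subs = new Map();
  return {
    dispatch(action) {
      if (action.type === 'GetDoc') return docs.get(action.name);
      if (action.type !== 'PutDoc') throw new Error('Unknown action');
      docs.set(action.name, action.value);
      (subs.get(action.name) || []).forEach((fn) => fn(action.value));
    },
    subscribe(name, onValue) {
      subs.set(name, (subs.get(name) || []).concat(onValue));
    },
  };
}

// verifyAuth stands in for an auth provider: auth object -> user id or null.
function createProtectedSource(source, verifyAuth) {
  const owners = new Map(); // doc name -> owning user id (assumed: first writer)
  const readers = new Map(); // doc name -> Set of user ids granted read
  const requireUser = (auth) => {
    const user = auth ? verifyAuth(auth) : null;
    if (!user) throw new Error('Unauthenticated');
    return user;
  };
  // Default deny: only the owner or an explicitly granted user may read.
  const canRead = (user, name) =>
    owners.get(name) === user || (readers.get(name) || new Set()).has(user);
  return {
    dispatch({ auth, ...action }) {
      const user = requireUser(auth);
      const { type, name } = action;
      if (type === 'PutDoc' && !owners.has(name)) owners.set(name, user);
      const isOwner = owners.get(name) === user;
      if (type === 'GrantRead') {
        if (!isOwner) throw new Error('Forbidden');
        readers.set(name, (readers.get(name) || new Set()).add(action.user));
        return true;
      }
      if (type === 'PutDoc' ? !isOwner : !canRead(user, name)) throw new Error('Forbidden');
      return source.dispatch(action); // the auth object is stripped before forwarding
    },
    // Subscription takes the auth object as a third argument.
    subscribe(name, onValue, auth) {
      if (!canRead(requireUser(auth), name)) throw new Error('Forbidden');
      return source.subscribe(name, onValue);
    },
  };
}
```

Every path authenticates before it touches the wrapped source, so a missing or invalid auth object fails closed rather than falling through to the unprotected API.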
Network Sources are responsible for proxying the Protected Source API as well as the Source API.