[feature] Templating for HTTP proxy endpoints (URLs) to integrate with permission proxies #483

Open
sash2222 opened this issue Oct 1, 2021 · 2 comments


sash2222 commented Oct 1, 2021

Wow, I'll try to explain :).
The question is about our security model.
We use a proxy server https://www.ory.sh/oathkeeper/ and our entire security model is tied to it.
It checks HTTP requests for its policy by contacting the authenticator and authorizer if required. Its rules are triggered based on the path (\ bot \ botID), it takes the user's session from the cookie and the botID from the path and checks and verifies the tuple of relations. It can also act as an external authorizer too.
But the problem is that it cannot work with request parameters or the message body.
What if you subscribe to channels via paths rather than request parameters? Or execute requests to a proxy using a pattern, make this process manageable?
Yes, there will be a minus when you need to subscribe to several channels at once (you will have to make several requests), but can you subscribe with an asterisk?

Describe the solution you'd like.
What if you subscribe to channels via paths rather than request parameters? Or execute requests to a proxy using a pattern, make this process manageable?
Yes, there will be a minus when you need to subscribe to several channels at once (you will have to make several requests), but can you subscribe with an asterisk?

...

@sash2222 sash2222 changed the title [feature] Subscribe to channels across paths Oct 1, 2021
Member

FZambia commented Oct 5, 2021

@sash2222 hi!

So do I understand right that you want to dynamically construct HTTP endpoints based on proxy request context?

For example, sth like this:

{
    ...
    "proxy_subscribe_endpoint": "https://localhost:3000/channel/{{ .Channel }}"
}

So Centrifugo will execute the endpoint template with some parameters available to substitute (current channel, current user ID) before sending a request. Or the idea is different?
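
An added example, not part of the original thread and not Centrifugo code: one way the endpoint templating proposed above could render the URL so that the path a permission proxy matches on is fixed by the template and cannot be reshaped by the channel value. `ProxyContext` and `RenderEndpoint` are hypothetical names, and Go's `text/template` is assumed because the `{{ .Channel }}` placeholder follows its syntax.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"text/template"
)

// ProxyContext holds the values offered to the endpoint template. The type and
// field names are assumptions modeled on the {{ .Channel }} placeholder above.
type ProxyContext struct {
	Channel string
	UserID  string
}

// RenderEndpoint executes an endpoint template after path-escaping each value,
// so a channel or user ID cannot add path segments or a query string.
func RenderEndpoint(tmpl string, pc ProxyContext) (string, error) {
	t, err := template.New("endpoint").Parse(tmpl)
	if err != nil {
		return "", fmt.Errorf("parse endpoint template: %w", err)
	}
	// pc is a copy, so escaping in place does not touch the caller's value.
	for _, p := range []*string{&pc.Channel, &pc.UserID} {
		if *p == "." || *p == ".." {
			// PathEscape leaves dots alone; path normalization would collapse them.
			return "", fmt.Errorf("refusing dot segment %q", *p)
		}
		*p = url.PathEscape(*p)
	}
	var sb strings.Builder
	if err := t.Execute(&sb, pc); err != nil {
		return "", fmt.Errorf("execute endpoint template: %w", err)
	}
	// The rendered result must still be an absolute http(s) URL.
	u, err := url.Parse(sb.String())
	if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return "", fmt.Errorf("rendered endpoint %q is not an absolute http(s) URL", sb.String())
	}
	return sb.String(), nil
}

func main() {
	// Constructed sample channel containing a slash and a query separator.
	out, err := RenderEndpoint("https://localhost:3000/channel/{{ .Channel }}", ProxyContext{Channel: "bot/42?x=1"})
	fmt.Println(out, err)
}
```

Whether an encoded slash (`%2F`) stays inside one segment depends on how the proxy in front normalizes paths, so its rule matching should be checked against escaped channel names.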

Author

sash2222 commented Oct 5, 2021

Hey! Yes, you understood correctly, this scenario suits us.

@FZambia FZambia changed the title Subscribe to channels across paths [feature] Templating for HTTP proxy endpoints (URLs) to integrate with permission proxies Oct 8, 2021