AsyncAPI: Authentication and Authorization support for websocket adapters.

[AceTheCreator]

Small Intro to Glee

Glee is an innovative spec-first framework that empowers developers to build high-performing server-side applications with ease. By allowing users to focus on the business logic of their applications, Glee takes care of the critical aspects of performance, scalability, and resilience, making it an ideal solution for complex production environments. As of now glee supports multiple protocols like websocket, mqtt, kafka and soon HTTP.

Problem Statement

In particular, Glee allows users to create WebSocket servers, which necessitates the implementation of secure and reliable authentication and authorization mechanisms. This ensures that only authorized parties can access and use the WebSocket servers, thereby enhancing the overall security and privacy of the communication channels.

Proposed Solution

By providing users with the tools to develop customized authentication and authorization procedures, Glee would enables them to tailor their servers to their specific needs, ensuring that they meet the highest standards of security and reliability.

We need to support the commonly used methods of authentication that are supported by websocket servers. In general we need to have support for

1. Basic Authentication: This is a simple and widely supported authentication mechanism that uses a username and password to authenticate clients. The client sends the username and password in the HTTP header during the WebSocket handshake, and the server verifies it before establishing the WebSocket connection.
2. Token-Based Authentication: This is a popular authentication mechanism that uses tokens or access keys to authenticate clients. The client sends the token in the HTTP header during the WebSocket handshake, and the server verifies it before establishing the WebSocket connection.
3. OAuth 2.0: This is a widely used authentication and authorization framework that enables clients to obtain access tokens to access protected resources. The client sends the access token in the HTTP header during the WebSocket handshake, and the server verifies it before establishing the WebSocket connection.
4. Mutual TLS Authentication: This is a strong authentication mechanism that uses TLS certificates to authenticate clients. The client sends a client certificate during the WebSocket handshake, and the server verifies it before establishing the WebSocket connection.

Mentors:
@Souvikns @KhudaDad414

Project Repo

https://github.com/asyncapi/glee

Expected Difficulty:
Easy-Medium

Expected Time Commitment:
175 Hour

Technical skills requried

Typescript, nodejs, websocket, EDA basics

[LetsGetStartedWithBub]

Hi @AceTheCreator @jansche , I am Mitchell (SDE with 2 year experience). I hadn't participated in GSOC before, but this year I am looking forward to be an active participant. And I think this project will be compatible for me as I am going to pursue it with my full-time job. Hope to hear from your side about how I can proceed with this project.
Thank you

[bshreyasharma007]

Hi Mentors [ @AceTheCreator @jansche @Souvikns @KhudaDad414 ]

I am Shreya who is a technology enthusiast and first time participating in GSOC with the wish to be contributing towards "Authentication layer for glee, support for different authentication frameworks"

As per Contribution Guide I would like to introduce myself as a candidate to work on this project which is selected for GSOC 2023

Q1) What interests you most about this project ?

I researched about glee, glee.config.js thought about how I can contribute towards this project and went through the link provided in the issue.

I have experience working with Authentication, authorization system and believe in the idea of 'multiple authentication and authorization process' as world moves towards things which makes things easier, scalabe and more secure.

I believe I can contribute towards this project in meaningful way.

Q2) As mentors and project coordinators, how can we get the best out of you?

You can get the best out of me by providing me clear and concise guidance on the project goals, expectations, and timelines.

I believe in continuous improvement hence open to feedback [ be it technical or social or in other areas ], willing to learn new technologies, tools and approaches to improve my skills and contribute towards the project.

Q3) Is there anything that you’ll be studying or working on whilst working alongside us?

I am a working professional in the field of EDI(Electronic Data Interchange) as an Analyst, with a Computer Science background.

Q4) We'd love to hear a bit on your work preferences, e.g. how you keep yourself organized, what tools you use, etc?

I like planned things; in situation where a project is not planned out with no proper communication, I tend to get a bit anxious as in my mind the priority is to complete the task.

I can give daily 4-5hr or more (depending upon office work) towards this project.

I am open to work in US, UK, or India timezone depending upon the project requirement.

To keep myself organized I make use of notepads, reminders, and personal notes with timing.

Skill stack which I currently have which can be used to contribute towards the project: JavaScript, yaml, json, typescript, RTC, socket.io, middleware, REST API, Authentication process, etc

As I mentioned previously I believe in continuous improvement hence open to feedback [ be it technical or social or in other areas ], willing to learn new technologies, tools and approaches to improve my skills and contribute towards the project.

Q5) Once you’ve selected a project from the ideas section, please suggest a weekly schedule with clear milestones and deliverables around it. Alternatively, if you want to propose your own idea then please include an outline, goals, and a well-defined weekly schedule with clear milestones and deliverables.

I have created below weekly schedule, but open to negotiating changes to the schedule as needed, with the goal of ensuring the successful completion of the project

Week 1:

Research and analysis of existing authentication and authorization systems used in WebSocket servers.
Understand how glee uses middleware to implement authentication and authorization.
Milestone: Submit the plan for review by the mentors.

Week 2-3:

If possible try to implement mini version of middleware and try to configure it with Glee.
Once above is successful then try to tweak parameters present in glee.config.js
Write tests and documentation on the same
Milestone: Submit the logic and results to mentor to validate if I am going in right direction

Week 4-5:

Submit a pull request with the changes in glee.config.js which can be used to achieve the result.

Week 6-7:

Integration testing of the authentication and authorization feature with glee.
Identify and fix any bugs or issues.
Milestone: Submit a pull request with the final changes and updates for review by the mentors.

Week 8:

Final review and testing of the code.
Update documentation as needed.
Milestone: Submit the final code and documentation for approval by the mentors.

==============================================================
I have a query in contribution guide there is mentioning about 'MANDATORY QUALIFICATION TASK: Please engage on your selected project (link to each GitHub repo is in the issue description) by picking up an existing issue tagged "first issue". If no first issues are available, get in contact with the main mentor as listed in the repo's README.md and get individual advice.'

I request you to provide me with Mandatory qualification task so I can start contributing towards the project.

At present I am looking at asyncapi/glee/issues to get started with the contribution

Looking forward to hearing from your side

[shubhsinha]

Dear Mentors and Project Coordinators,

I am Shubhashish Sinha, a sophomore at BITS Pilani, Pilani Campus, and a first-time participant in GSOC. I am writing to express my interest in contributing to your project. What interests me most about this project is the opportunity to learn and develop my skills in building WebSocket servers with glee and implementing authentication middleware. As a developer, I am always looking for ways to expand my knowledge and contribute to meaningful projects.

To get the best out of me, I would appreciate clear communication and guidance on the project goals and milestones. I am open to constructive feedback and willing to make changes to ensure the success of the project. Additionally, I am willing to collaborate and communicate regularly with the team to ensure that we are on track with the project timeline.

Whilst working alongside you, I plan to study and research best practices in authentication middleware implementation, WebSocket servers, and glee configuration. I am committed to delivering high-quality work and will use the necessary tools and resources to keep myself organized and on track. I usually keep myself organized by using project management tools such as Trello and Asana, and version control tools such as Git and GitHub.

If selected for the project, I would propose the following weekly schedule with clear milestones and deliverables:

Week 1: Research and study existing authentication middleware implementation and glee configuration. Deliverable: A summary of best practices for authentication middleware implementation.

Week 2: Develop a prototype of the authentication middleware for glee server and client adapters. Deliverable: A working prototype of the authentication middleware for glee server and client adapters.

Week 3-4: Test and debug the authentication middleware implementation. Deliverable: A tested and debugged implementation of the authentication middleware for glee server and client adapters.

Week 5-6: Document the implementation process and create a user guide for the authentication middleware. Deliverable: A user guide for the authentication middleware implementation.

I look forward to hearing back from you.

[Rudrak3]

Hi Mentors [ @AceTheCreator @jansche @Souvikns @KhudaDad414 ]

I am Rudresh pursuing Bachelor in Technology and I am excited to participate in GSOC 2023 for the first time. I am interested in contributing towards the "Authentication layer for glee, support for different authentication frameworks" project.

My interest in field of Software Engineering grew after creating my own projects using Python, Machine Learning, CSS, HTML, JavaScript and I believe I will be great asset towards this project.

I will be introducing myself by referring to format mentioned in Contribution Guide

Q1) What interests you most about this project ?

After reading the problem statement I researched on each keyword and found the project to be more interesting and wanted to contribute towards the project on changing parameters of glee.config.js to enable multiple authentication and authorization process.

What excites me the most about this project is the opportunity to contribute to a project that has the potential to positively impact the development community and creating a win-win situation for both parties.

Q2)As mentors and project coordinators, how can we get the best out of you?

As for getting the best out of me, I work well when given clear instructions and expectations. I would appreciate regular check-ins and feedback to ensure that I am on track and meeting project goals.

Q3) Is there anything that you’ll be studying or working on whilst working alongside us?

As I embark on this project, my foremost goal is to expand my knowledge of the intricacies of implementing enablement of multiple authentication and authorization with Glee. In addition, I aim to hone my coding skills, such as design patterns, testing methodologies, and best practices, so that my contributions are not only robust but also maintainable. I am eager to immerse myself in the project standards and leverage any available resources to create a top-notch solution that meets the project's requirements.

Q4) We'd love to hear a bit on your work preferences, e.g. how you keep yourself organized, what tools you use, etc?

In terms of work preferences, I keep myself organized by breaking tasks down into smaller, manageable pieces and using project management tools like Trello or Asana to keep track of my progress. I also make sure to communicate regularly with my team members to ensure that we are all on the same page.

Q5)Once you’ve selected a project from the ideas section, please suggest a weekly schedule with clear milestones and deliverables around it. Alternatively, if you want to propose your own idea then please include outline, goals, and a well-defined weekly schedule with clear milestones and deliverables.

Below is rough weekly schedule but it can be changed based on feedback and discussion

Week 1:

Conduct research and analysis on existing authentication and authorization systems used in WebSocket servers
Understand how glee uses middleware to implement authentication and authorization
Milestone: Submit the plan for review by the mentors

Week 2-3:

Tweak parameters present in glee.config.js so as to achieve the end result of enabling multiple authentication and authorization process.
Write tests and documentation
Milestone: Submit the logic and results to mentor to validate if I am going in the right direction

Week 4-5:

Submit a pull request with the changes in glee.config.js which can be used to achieve the desired result
Continue testing and refining the code
Milestone: Submit a pull request with the final changes and updates for review by the mentors

Week 6-7:

Conduct integration testing of the authentication and authorization feature with glee
Identify and fix any bugs or issues
Milestone: Submit a pull request with the final changes and updates for review by the mentors

Week 8-9:
Perform a final review and testing of the code
Update documentation as needed
Milestone: Submit the final code and documentation for approval by the mentors

I look forward to working with the mentors and contributing to the success of this project!

[Souvikns]

Hello everyone, it's wonderful to see so many of you interested in the project!

The proposal period is set to open on March 20th, so there's no need to rush your proposal just yet. Instead, I would recommend taking this time to become more familiar with the project and the AsyncAPI community. Use this period to explore the codebase and get to know the mentors. If you have any questions or ideas, feel free to share them here: asyncapi-archived-repos/glee#377. We're eager to hear from you and welcome your contributions.

My Tech Stack Includes : C, C++ , Python , Java, JavaScript , HTML , CSS , SQL
I want to contribute please help , I am starting out in open source.
I used postman when working with API to test json file , I would love to learn more .
@AceTheCreator

Currently Learning NodeJS

[Infamia2334]

Greetings mentors @AceTheCreator @jansche @Souvikns @KhudaDad414
I am writing to express my interest in contributing to the AsyncAPI plugin project for Postman as part of Google Summer of Code 2023. These are some points I want to bring to your attention about myself and my interest in this issue:

• As a backend developer with enterprise experience in Node.js and a master's student in computer applications, I believe I have the skills and motivation to help bring this project to fruition.
• I am impressed by Postman's commitment to open-source and its mission to make API development simpler and more accessible for everyone. I see the potential value that the AsyncAPI plugin could bring to the API development process, and I am excited about the opportunity to contribute to this project.
• In terms of my technical background, I have experience building APIs, working with databases, and designing event-driven systems. I am also familiar with various Node.js frameworks and libraries, which should enable me to work with the AsyncAPI specification and implement the plugin effectively.
• Furthermore, I have experience working in a team environment, and I understand the importance of communication and collaboration in open-source development. I am committed to following the best practices and standards outlined by Postman and the AsyncAPI community to ensure that the plugin is well-designed, well-tested, and well-documented.

I look forward to discussing this opportunity further and learning more about how I can contribute to the Postman Open Technologies community.

Thank you for your consideration.

Best regards,
Dipan

[Souvikns]

Kind reminder to everyone, don't forget to register on the GSoC website and submit your proposal officially. If you want mentors to review your proposals do share them with us at souvik.de@postman.com and khudadad.nomani@postman.com.

[pragya-20]

Hi there!
My name is Pragya Bhardwaj, and I am a Software Developer based in India. I specialize in working with Javascript, JSON, React, and React Native, and have experience developing software applications using these technologies.

While reviewing the project description, I understand that we need to implement 4 types of authentication but I am particularly excited to work on TLS authentication and OAuth 2.0 because these will be new for me to implement. I have implemented basic and token-based authentication using javascript. I am eager to work with the team and contribute to this feature.
@Souvikns / @KhudaDad414, can you please tell me, from where I can pick the good first issues related to it
Thanks!