
Hubs authorization

Greg Fodor edited this page Jan 18, 2020 · 3 revisions

This is a brief overview of authorization.

  • The server authorizes all instantiation messages. If a user is not authorized, instantiation messages from them will not be sent to peers.
  • For update messages, the client authorizes and filters. Authorization has two stages:
    • First, we check if a message is affirmatively authorized, meaning that it is explicitly allowed by policy. This check happens in authorizeEntityManipulation in permissions-utils.js.
    • If that check fails, then the message is sanitized, which strips it down to just a specific, optional subset of component attributes which do not require authorization.
      • These components are defined as nonAuthorizedComponents in network-schemas.js.
      • This component whitelist is dictated by use case. For example, we allow anyone currently in the room to manipulate the video playback state or pager state on media, because locking that down would mean that scene-owned assets would never be controllable by users.
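
The two-stage client-side filter described above, as an added sketch that is not Hubs' own code. The message shape, the ctx object, the stage 1 policy, and the component and attribute names in the allowlist are all assumptions made for illustration.

```javascript
// Constructed allowlist: component name -> attributes any room member may set.
const NON_AUTHORIZED = new Map([
  ["video", new Set(["time", "paused"])],
  ["pager", new Set(["index"])],
]);

// Stage 1 (hypothetical policy): moderators and the entity's creator are
// affirmatively authorized; unknown senders never are.
function isAffirmativelyAuthorized(msg, ctx) {
  const sender = ctx.members.get(msg.senderId);
  if (!sender) return false;
  return sender.isModerator === true || ctx.creators.get(msg.entityId) === msg.senderId;
}

// Stage 2: keep only allowlisted attributes of allowlisted components.
// Map/Set lookups ignore keys such as "__proto__" sent by a peer.
function sanitize(msg) {
  const components = {};
  for (const [name, attrs] of Object.entries(msg.components ?? {})) {
    const allowed = NON_AUTHORIZED.get(name);
    if (!allowed || attrs === null || typeof attrs !== "object") continue;
    const kept = {};
    for (const key of Object.keys(attrs)) {
      if (allowed.has(key)) kept[key] = attrs[key];
    }
    if (Object.keys(kept).length > 0) components[name] = kept;
  }
  // Nothing survived: drop the update instead of applying an empty one.
  return Object.keys(components).length > 0 ? { ...msg, components } : null;
}

// Returns the update to apply locally, or null if it must be ignored.
function filterUpdate(msg, ctx) {
  return isAffirmativelyAuthorized(msg, ctx) ? msg : sanitize(msg);
}

// Constructed sample data: a guest updates a moderator-created media entity.
const ctx = {
  members: new Map([["mod", { isModerator: true }], ["guest", { isModerator: false }]]),
  creators: new Map([["screen-1", "mod"]]),
};
const guestUpdate = {
  senderId: "guest",
  entityId: "screen-1",
  components: { video: { paused: true, src: "https://example.invalid/a.mp4" }, position: { x: 9 } },
};
console.log(filterUpdate(guestUpdate, ctx));
```

The guest's pause request survives while the src and position changes are stripped, which is the behaviour the whitelist exists to permit.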