Adding autorization for an app on Command and Device services

[salomeldc]

Hi,

I want to know if EdgeX offers the possibility to manage app authorization to communicate with device in order to personnalize what each apps can or can't do.
Does anybody know ? I investigate through the COMMAND documentation and code but I did'nt found anything other than the GATEWAY API security level.

[bnevis-i]

salomeldc,

Yes, this is correct. The current EdgeX security mechanism is all-or-nothing.

The API Gateway does forward the JWT to the consuming service, so the service DOES have enough information to make fine-grained authorization decisions. But none of the EdgeX microservices have a policy agent in order to know what to do with said JWT.

The project does have a formal method of requesting features like this called the "Use case record" where you can state the value in adding fine-grained authorization features to EdgeX.

If you need fine-grained authorization you should upgrade to EdgeX 3.0 before forking the code, as EdgeX 3.0 checks JWT validity at the microservice level whereas EdgeX 2.0 only checks it at the API gateway.