
Authentication & Authorization

This section describes all necessary details about how modules are authenticated against the platform and how operations are authorized.

TL;DR

As a developer you will not have to perform any steps to authenticate your modules. The platform takes care of that:

  • Modules can communicate with platform services.
  • They are authenticated automatically for endpoints exposing the platform services.
  • Modules can only communicate with platform services that are associated with the area they have requested during the publishing process.

Authentication

...

Authorization

2024-05-02 - For now, the platform does not perform any authorization at all. This means that once a module is made available in the platform, all organization members will be able to use it.

Module developers are discouraged from implementing custom permission schemes

Although it may seem sensible, we discourage developers from implementing any form of authorization (via roles and permissions) in the module itself. Instead, organization administrators will determine what operations are permitted for whom in the HortiView platform.

Administrators will be able to select a CRUD operation the module wants to perform and decide for whom this operation is available. These CRUD operations are associated with a business object. For example, if a Season object is used in the module, the administrator will be able to decide whether the object can be created, read, updated or deleted by a particular role.

The platform team is working on a mechanism that allows organization administrators to specify the roles that will be able to use a module and the operations these roles can perform.