Skip to content

Extended Authorization

Extended Authorization enables users to authorize using their own services, supporting external databases such as MySQL and Redis as data sources, or connecting to an HTTP service for authorization authentication.

Note

The extended authorization is not supported in the Serverless edition.

Extended Authorization Data Sources

Authorize with HTTP

Authorize with MySQL

Authorize with PostgreSQL

Authorize with Redis

Note

Although a maximum of two extended authorizations is supported, it is recommended not to use multiple extended authorizations simultaneously for performance reasons.

Authorization Order

After adding extended authorization data sources, you can sort them, supporting a custom authorization chain: drag and arrange the authorization data source icons to configure the authorization order.

In the extended authorization page, click Authorization order to enter the order page. The deployment will perform authorization checks in the order from left to right. By default, the most recently added authorization is placed first, and the default authorization is placed last.

  • Actions are matched with permissions, allowing or denying client operations based on permissions
  • If actions do not match with permissions, the check is passed to the next authorization checker Custom authorization chain: Authorization data source icons can be dragged and arranged left and right to sequence the authorization order.

add_acl

Enable Authorization Whitelist Mode

When the whitelist mode is enabled, all users are prohibited from subscribing and publishing by default. Clients need to be granted authorization to perform subscription and publishing actions.

Follow the steps in Enable Authorization Whitelist Mode to set up default authorization. After adding an extended authorization data source, go to the extended authorization page and click Authorization Order to enter the sorting page. Ensure that "Default Authorization" is positioned at the far right in the authorization order to enable whitelist mode.