Vorträge

Triff uns auf einer Konferenz!

Verschaffe dir einen Überblick, auf welchen Events unsere codecentric-Kollegen als Referenten vertreten sind. Wir würden uns freuen, dich auf einer Konferenz persönlich begrüßen zu dürfen.

Authentication and authorization in plumber with the sealr package

12.07.2019

useR!

Centre de Congrès Pierre Baudis, Toulouse, France

Application Programming Interfaces (APIs) have become the most common way how services „talk“ to each other, e.g. in a typical frontend-backend design. The plumber package offers capabilities to implement an API in R, making it possible to use R for software development use cases that often require security best practices. In my talk, I will show how we can use plumber filters to secure plumber APIs. I then present the sealr package (github.com/jandix/sealr) which provides standardized strategies for authentication and authorization, namely JSON Web Tokens (JWT) (implemented), OAuth2 and general API tokens (under development at time of submission). sealr is inspired by the manifold passport.js package for Node.js. The main functionality of sealr is verifying tokens sent to plumber – how those tokens are issued by plumber is not covered (yet) as it is highly application-specific. However, we provide implementation examples for each method.
As authentication middleware specifically developed for the plumber framework, sealr differs from packages such as sodium, openssl, jose and bcrypt that implement specific encryption and/or hashing algorithms. secret, digest and keyring are used for securely storing (R) objects.
With sealr, we aim to make authentication and authorization as easy as possible to implement for R users so that plumber APIs can be used in security-sensitive environments.

Friedrike PreuFriedrike Preu