High-level guide on how to deal with user authorization?

Is there any documentation or example that explains, or gives pointers to how to implement user authorization/access control?

I’d like to persist (using levelDB, I guess) documents who have one owner. Some documents can further be shared with other, selected users.

I wasn’t able to find any information (might have looked in the wrong places).
To be clear: I know how to build a “classic” user authentication & authorization backend using PHP/MySQL or NodeJS/MongoDB, or even using a provider like Auth0. I’m just not sure about the implications when using YJS, or how to integrate YJS with a classic backend.

Much confusion :sweat_smile:

Thank you for any help :pray:

Hi @mjsarfatti,

the threads for this topic are all over the place. Which was the main reason to create this discussion board ^^

So I’m afraid the following links won’t be too helpful:

https://github.com/yjs/y-websocket/issues/7 - Winston Fasset modified the y-websocket server to authenticate clients. I think eventually he adapted the protocol and added an authentication event message. So in any case you need to modify the y-websocket server.

https://github.com/yjs/y-websocket/issues/14 - Everything you need to know about how to persist data is here: https://github.com/yjs/yjs#Document-Updates - but again, you probably want to implement this by yourself using the database you are using. Important: Don’t be tempted to store the document in JSON encoding or text (if you are making a text editor collaborative). The best approach is to simply store the Yjs model in a database.

Authorization, you guessed it, is also something that is too application-specific to be included in Yjs. My suggestion is to work with random document keys that identify the document. Only clients with the correct key have access to the document. This is also how room.sh and many public notepads work. For more fine-grained control you need to implement something on your own.

https://github.com/yjs/yjs/issues/170 another helpful thread. A user shared his y-leveldb implementation. You could make use of it. Eventually (this is discussed here) I’d like to have a maintained y-leveldb implementation.