Authentication API KEYS

[tiero]

We should introduce an authorization layer for the exposed gRPC service so that it can be exposed over the public internet and used as a hot-wallet backend by multiple services, each one with specific account-scoped permissions.

It boils down to the type of DSL we want to introduce to describe the RPC access and limitations (ie. Transfer rpc can have X amount to be spent)

[altafan]

macaroons auth FTW? Also, we could add to add a proper bakery command to the cli to facilitate the creation of fine grained constraints as the one you mentioned.

[tiero]

Yes, technology-wise I am ok with it, just saying that open to other less complex alternatives. Even a simple auth in database why not. In the end ocean is used as standalone service by an human, not other micro-services (where macaroons instead are built for)

https://fly.io/blog/api-tokens-a-tedious-survey/

My take is that if you really dont want stateful auth (but in Ocean seems perfect), Facebook CAT and Biscuits are simpler