Tokens - Naflows/naflows-auth GitHub Wiki
# NASS' tokens

## Token System Overview
The NAFLOWS Authentication Service System (NASS) uses tokens to regulate access and enforce security policies. Each token is bound to a session, allowing a user to have varying permissions depending on the session context.
Every token grants a specific set of rights that define what the user is permitted to do. These rights are used to both authorize legitimate actions and prevent unauthorized behavior. Some tokens are single-use and tied to sensitive operations like session renewal or confirmation.
## TokenRights

### Definition

You can find this definition inside the collections types:

```ts
export type TokenRights =
  | "USER_READ_OWN"
  | "USER_EDIT_OWN"
  | "TOKEN_RENEWAL"
  | "SESSION_RENEWAL"
  | "SESSION_CONFIRMATION"
  | "NASS_SECURE_CHECK"
  | "NASS_SECURITY_ADD"
  | "NASS_SECURITY_DEACTIVE"
  | "NASS_VIEW_STRUCTURE"
  | "NASS_TEAM_ADD"
  | "NASS_TEAM_REVOKE"
  | "NASS_TEAM_UPDATE"
  | "SERVICES_VIEW"
  | "SERVICES_EDIT"
  | "SERVICES_CREATE"
  | "SERVICES_DELETE"
  | "BLACKLIST_VIEW"
  | "BLACKLIST_EDIT"
  | "BLACKLIST_CREATE"
  | "DATA_VIEW"
  | "DATA_EDIT"
  | "DATA_CREATE"
  | "LOGS_VIEW";
```
### Rights Description Table

| Token Right | Description |
|---|---|
| USER_READ_OWN | Read own user data |
| USER_EDIT_OWN | Edit own user data |
| TOKEN_RENEWAL | Renew token (note: max usage is 1) |
| SESSION_RENEWAL | Renew session (note: max usage is 1) |
| SESSION_CONFIRMATION | Confirm a session and validate it |
| NASS_SECURE_CHECK | Check if a connection is secure and accepted |
| NASS_SECURITY_ADD | Add a new secure connection |
| NASS_SECURITY_DEACTIVE | Deactivate an existing secure connection |
| NASS_VIEW_STRUCTURE | View the internal structure of NASS |
| NASS_TEAM_ADD | Add a new user to the NASS team |
| NASS_TEAM_REVOKE | Revoke a user from the NASS team |
| NASS_TEAM_UPDATE | Update information for a NASS team member |
| SERVICES_VIEW | View registered NASS services |
| SERVICES_EDIT | Edit registered NASS services |
| SERVICES_CREATE | Create new NASS services |
| SERVICES_DELETE | Delete existing services or tokens (may trigger service token regeneration) |
| BLACKLIST_VIEW | View blacklisted IP addresses |
| BLACKLIST_EDIT | Modify blacklisted IP addresses |
| BLACKLIST_CREATE | Add new IP addresses to the blacklist |
| DATA_VIEW | View data from the database |
| DATA_EDIT | Modify existing database data |
| DATA_CREATE | Insert new data into the database |
| LOGS_VIEW | View logs generated by the NASS |
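As an added illustration (not naflows-auth's own code), the check below models the two rules the overview and the table describe: a token is bound to one session and only grants the rights it carries, and TOKEN_RENEWAL and SESSION_RENEWAL are consumed after a single successful use. `SessionToken`, `issueToken`, `authorize` and `SINGLE_USE_RIGHTS` are names assumed for this example only.

```typescript
// Added example, not naflows-auth's own code. SessionToken, issueToken,
// authorize and SINGLE_USE_RIGHTS are assumed names for this illustration.
type TokenRights =
  | "USER_READ_OWN" | "USER_EDIT_OWN" | "TOKEN_RENEWAL" | "SESSION_RENEWAL"
  | "SESSION_CONFIRMATION" | "NASS_SECURE_CHECK" | "NASS_SECURITY_ADD"
  | "NASS_SECURITY_DEACTIVE" | "NASS_VIEW_STRUCTURE" | "NASS_TEAM_ADD"
  | "NASS_TEAM_REVOKE" | "NASS_TEAM_UPDATE" | "SERVICES_VIEW" | "SERVICES_EDIT"
  | "SERVICES_CREATE" | "SERVICES_DELETE" | "BLACKLIST_VIEW" | "BLACKLIST_EDIT"
  | "BLACKLIST_CREATE" | "DATA_VIEW" | "DATA_EDIT" | "DATA_CREATE" | "LOGS_VIEW";

// Rights the table marks as "max usage is 1": spent on first successful use.
const SINGLE_USE_RIGHTS: ReadonlySet<TokenRights> = new Set<TokenRights>([
  "TOKEN_RENEWAL",
  "SESSION_RENEWAL",
]);

interface SessionToken {
  id: string;
  sessionId: string;                 // the session this token is bound to
  rights: ReadonlySet<TokenRights>;  // what the holder is permitted to do
  consumed: Set<TokenRights>;        // single-use rights already spent
}

type Decision = { allowed: true } | { allowed: false; reason: string };

function issueToken(id: string, sessionId: string, rights: TokenRights[]): SessionToken {
  return { id, sessionId, rights: new Set(rights), consumed: new Set<TokenRights>() };
}

// Decide whether `token`, presented from `sessionId`, may exercise `right`.
// The session binding is checked first, so a token presented from the wrong
// session is refused before any of its rights are inspected.
function authorize(token: SessionToken, sessionId: string, right: TokenRights): Decision {
  if (token.sessionId !== sessionId) {
    return { allowed: false, reason: "token is bound to a different session" };
  }
  if (!token.rights.has(right)) {
    return { allowed: false, reason: `token lacks right ${right}` };
  }
  if (SINGLE_USE_RIGHTS.has(right)) {
    if (token.consumed.has(right)) {
      return { allowed: false, reason: `${right} already used (max usage is 1)` };
    }
    token.consumed.add(right); // spend the one permitted use
  }
  return { allowed: true };
}
```

Note that the single-use marker is recorded on the token itself, so a second renewal attempt with the same token is refused even though the right is still listed in `rights`.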