Booster accepts standard JWT tokens to authenticate incoming requests. Likewise, you can use the claims included in these tokens to authorize access to commands or read models by using the provided simple role-based authorization or writing your own authorizer functions.
Booster uses the OAuth 2.0 protocol to authenticate users. This section explains how to configure it.
Booster uses a whitelisting approach to authorize users to perform commands and read models. This means that you must explicitly specify which users are allowed to perform each action. In order to do that you must configure the authorize policy parameter on every Command or Read Model. This parameter accepts one of the following options: