I'm not sure auth, middleware and input/output processors difference
hi, team! I'm bit curious about auth feature. https://mastra.ai/ja/docs/auth
do you have some plan to provide a user guilde or customizable auth class like input/output processors?
now, i know mastra provides some auth providers feature via auth package and some more providers are being added. In some senario, I should create another auth feature like aws cognito, microsoft something, next-auth etc. Roughly speaking, we have to add jwt token verification or cookie decryption to verify whether api requester has the right to access our service or not, and additionally add runtime context by using jwt token claim information like custom attributes or something.
So, if possible, I want to see your guideline about authorization flow of mastra application. Especially,
- What's the difference between middleware, auth, input/output processors including pros/cons
- I'm not clear how mastra applications works enough. for example, what is exected earlier, middleware, auth and processors
- When developers add custom authentication feature into mastra app, what kind of considerations are required?
- for example, I'm not clear whether internal api requrests are successfully bypassed when developers set a custom authorization. and why?
- How to contain authorization based context information
- almost multi-tenant application needs this considerations, but it's not clear, I guess.
do you have some plan to provide a user guilde or customizable auth class like input/output processors?
now, i know mastra provides some auth providers feature via auth package and some more providers are being added. In some senario, I should create another auth feature like aws cognito, microsoft something, next-auth etc. Roughly speaking, we have to add jwt token verification or cookie decryption to verify whether api requester has the right to access our service or not, and additionally add runtime context by using jwt token claim information like custom attributes or something.
So, if possible, I want to see your guideline about authorization flow of mastra application. Especially,
- What's the difference between middleware, auth, input/output processors including pros/cons
- I'm not clear how mastra applications works enough. for example, what is exected earlier, middleware, auth and processors
- When developers add custom authentication feature into mastra app, what kind of considerations are required?
- for example, I'm not clear whether internal api requrests are successfully bypassed when developers set a custom authorization. and why?
- How to contain authorization based context information
- almost multi-tenant application needs this considerations, but it's not clear, I guess.
