Security, when fetching from notification-center
Hey folks,
We want to use the Novu notification center and have found a security concern (most likely because we missed something, I guess).
How do the APIs/notification center ensure that only authenticated users are able to fetch their data and cannot change data of other subscribers? We are using OAuth2 JWT-token auth for our own services.
6 Replies
@SHG-TV
We have an HMAC encryption feature for this.
Check out this doc to learn more about HMAC:
https://docs.novu.co/notification-center/client/react/get-started#hmac-encryption
Great article, but a little hidden, especially when not using React. Thank you very much 🙂
This option is available in all other frameworks like Angular and Vue, as well as in iframe, web component and headless.
What do you think? What would be a better place to highlight this feature in the docs?
I would suggest moving the HMAC section into a section under Notification Center called Authorization / HMAC.
Maybe also consider moving all non-library-specific things one level up and adding a hint that the examples are in React (only my preference).
Another idea would be to put it, or a link, under Providers -> In-App.
Thanks for the feedback. We will highlight this section in all of the libraries and Providers -> In-App.
Thank you very much, very appreciated ❤️
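The HMAC check mentioned in the replies, sketched as an added example that is not part of the thread and not Novu's own code. It assumes the subscriber hash is HMAC-SHA256 over the subscriber ID, keyed with a secret held only on the backend and hex-encoded; `SECRET`, `widgetCredentials` and `isValidSubscriberHash` are hypothetical names, and the JWT claims are assumed to have been validated already by your OAuth2 layer.

```javascript
// Added example (not Novu's code). Assumption: subscriber hash =
// hex(HMAC-SHA256(serverSecret, subscriberId)).
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed placeholder; the real secret must never reach the browser.
const SECRET = 'constructed-placeholder-secret';

// Backend: derive the hash that binds a widget session to one subscriber.
function subscriberHash(subscriberId, secret = SECRET) {
  if (typeof subscriberId !== 'string' || subscriberId.length === 0) {
    throw new TypeError('subscriberId must be a non-empty string');
  }
  return createHmac('sha256', secret).update(subscriberId, 'utf8').digest('hex');
}

// Hypothetical endpoint body: the subscriber ID comes from the verified
// token's `sub` claim, never from a client-supplied body or query parameter.
function widgetCredentials(verifiedClaims) {
  const subscriberId = verifiedClaims.sub;
  return { subscriberId, subscriberHash: subscriberHash(subscriberId) };
}

// Receiving side: recompute the HMAC and compare in constant time.
// Malformed or truncated hex decodes to a shorter buffer and is rejected.
function isValidSubscriberHash(subscriberId, presentedHash, secret = SECRET) {
  const expected = Buffer.from(subscriberHash(subscriberId, secret), 'hex');
  const presented = Buffer.from(String(presentedHash), 'hex');
  return presented.length === expected.length &&
    timingSafeEqual(presented, expected);
}

// Constructed scenario: a client holding its own valid hash swaps in
// another subscriber's ID. The pair no longer verifies.
function swappedIdIsRejected() {
  const own = widgetCredentials({ sub: 'subscriber-a' });
  return !isValidSubscriberHash('subscriber-b', own.subscriberHash);
}
```

The browser only ever receives the `{ subscriberId, subscriberHash }` pair for its own authenticated user, so knowing another subscriber's ID is not enough to read or change that subscriber's notifications.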