Hi, MemberStack community,
We’re a WebFlow CMS user and we’re trying to set up a workflow where users can create and join an organization using different roles. We have some very simple workflows where users generate data inside their organizations. This means each user should only be able to see data from their organization and should NOT be able to see data from other organizations.
We are currently accomplishing this by mapping each User Item ID in the CMS to an Organization Item ID and a Role (i.e. Owner, Admin, Editor, and Member). We can use MemberStack to manage authentication and authorization for specific User Item ID and Role combinations, however, we have not found a way with MemberStack to scope by Organization Item ID . For now, we’re using WebFlow’s Dynamic Content Filters and Custom Attributes to scope data from the CMS by only showing data that match the Organization Item ID and User Item ID passed from the WebFlow UI. Before launching our site, we’d like to be extra sure that we’re keeping our customer’s organization data safe from attackers.
Typical from our software development experience, we would implement a client web app to fetch a token by logging in through an identity provider (IdP), and then our backend/middle-tier would handle any incoming requests from the client by first checking with the IdP through its SDK or API to verify if the token give is authorized before process the request. However, it’s not clear to us how the Webflow client and its backends (i.e. the CMS + various 3rd party integrations) are aware of how to verify the token against the IdP before processing a request. I also can’t seem to find a simple call flow diagram or doc that explains how MemberStack handles incoming requests; a lot of the WebStack ecosystem is a bit of a black-box and we’d like to make sure our customer’s data is secure from malicious attempts and to understand the security risks and limitations of the ecosystem.
For instance, the MemberStack tutorials describe a setup workflow where we add tags to the head and body of different pages to manage the auth token; I presume these are only used on the client-side. However, it’s not clear to me how the backends (i.e. the WebFlow CMS, Zapier, Integromat, Airtable, HubSpot, etc.) know how to handle the client’s token (decrypt it, verify roles and permission, etc.) since I can’t seem to find a step where I set up the backend’s integration with the IdP.
This said, my main question can be simply summarized as follows:
What are all the measures in place to prevent attackers from making a request directly to the CMS or a 3rd party integration and spoofing the Item IDs from other users?
Thank you very much.