Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scopes #315

Merged
merged 14 commits into from
Sep 28, 2021
Merged

Scopes #315

merged 14 commits into from
Sep 28, 2021

Conversation

johakoch
Copy link
Collaborator

@johakoch johakoch commented Sep 14, 2021
edited
Loading

  • beta_scope_claim attribute for jwt block
    • JWT access control looks for scope values in claim named by beta_scope_claim
    • value of this claim must either be
      • a string containing a space-separated list of scope values or
      • a list of string scope values
    • scope values are stored in request.context.scopes as list of string
  • beta_scope attribute for api and endpoint block to specify required scope
    • value must either be
      • a string (scope required to use all operations/methods on this api/endpoint) or
      • an object with operation/method as key and string value (scope required to use a specific operation/method on this api/endpoint)
        • operations/methods not listed are not permitted
        • key "*" meaning all other operations/methods
    • empty string ("") meaning no (additional) required scope
  api {
    access_control = [ "myjwt" ]
    endpoint "/contacts" {
      beta_scope = {
        get = "contacts:read"
        post = "contacts:create"
      }
      ...
    }
    endpoint "/contacts/{cid}" {
      beta_scope = {
        get = "contacts:read"
        patch = "contacts:update"
        delete = "contacts:delete"
      }
      ...
    }
  }
...
  jwt "myjwt" {
    ...
    beta_scope_claim = "scope"
  }
Reviewer checklist
  • Read PR description: a summary about the changes is required
  • Changelog updated
  • Documentation: docs/{Reference, Cli, ...}, Docker and cli help/usage
  • Pulled branch, manually tested
  • Verified requirements are met
  • Reviewed the code
  • Reviewed the related tests

@johakoch johakoch marked this pull request as ready for review September 22, 2021 09:19
@afflerbach afflerbach self-assigned this Sep 22, 2021
@afflerbach afflerbach force-pushed the scopes branch 2 times, most recently from 6a6d931 to 372cfa9 Compare September 27, 2021 10:41
afflerbach
afflerbach previously approved these changes Sep 28, 2021
View reviewed changes
@afflerbach afflerbach removed their assignment Sep 28, 2021
@afflerbach afflerbach self-requested a review September 28, 2021 10:20
@johakoch johakoch merged commit aed1b90 into master Sep 28, 2021
@malud malud mentioned this pull request Oct 19, 2021
Merged
@malud malud deleted the scopes branch October 19, 2021 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@afflerbach afflerbach afflerbach approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@johakoch @afflerbach