Easily Manage OAuth2 Scopes In Go
import "github.com/SonicRoshan/scope"
scopeA := "read:user:*"
scopeB := "read:user:username"
doesMatch := scope.MatchScopes(scopeA, scopeB)This strategy will work like this :-
users.*matchesusers.readusers.*matchesusers.read.foousers.readmatchesusers.readusersdoes not matchusers.readusers.read.*does not matchusers.readusers.*.*does not matchusers.readusers.*.*matchesusers.read.ownusers.*.*matchesusers.read.own.otherusers.read.*matchesusers.read.ownusers.read.*matchesusers.read.own.otherusers.write.*does not matchusers.read.ownusers.*.barmatchesusers.baz.barusers.*.bardoes notusers.baz.baz.bar
When a client request certain data, this function will eliminate any data in the struct for which the client does not have a read scope.
type user struct {
username string `readScope:"user:read:username"`
email string `readScope:"user:read:email"`
}
func main() {
output := user{username : "Test", email : "Test@Test.com"}
scopesHeldByClient := []string{"user:read:username"}
scope.FilterRead(output, scopesHeldByClient)
// Now output.email will be nil as client does not have scope required to read email field
output := user{username : "Test", email : "Test@Test.com"}
scopesHeldByClient := []string{"user:read:*"}
scope.FilterRead(&output, scopesHeldByClient)
// Now none of the field in output will be nil as client has scopes to read everything in user struct
}