Role-based filter for releasing scope values #1246

Closed
gueuselambix opened this issue Jun 1, 2017 · 2 comments
@gueuselambix

Hi
we have certain scopes which the authorization server should only release to an OAuth2-client if the user has the right role for it.

e.g. scope "courses_read" may only be issued when the user has the student-role.

You could of course implement this check at the resources (courses API in case of my example), but I believe it's the responsibility of the authorization server. Resources could then solely base their authorizations based on the presence of the "courses_read" scope in the token.
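
The role-gated scope release requested above, as an added example that is not part of the original post and not code from the project: the role-to-scope map, the function names and every scope other than `courses_read` are assumptions. It also shows the RFC 6749 consequence of narrowing a grant, which is that the token response must carry the `scope` actually issued.

```python
# Hypothetical policy: restricted scope -> roles allowed to receive it.
# Scopes missing from the map are treated as unrestricted (an assumption).
SCOPE_REQUIRED_ROLES = {
    "courses_read": {"student"},   # the example from the issue
    "grades_write": {"teacher"},   # constructed for illustration
}


def release_scopes(requested, user_roles, policy=SCOPE_REQUIRED_ROLES):
    """Split requested scopes into (granted, withheld) for this user."""
    roles = set(user_roles)
    granted, withheld = set(), set()
    for scope in set(requested):
        required = policy.get(scope)
        if required is None or roles & required:
            granted.add(scope)
        else:
            withheld.add(scope)
    return sorted(granted), sorted(withheld)


def token_response(access_token, requested, user_roles):
    """Build the token endpoint body after applying the role filter."""
    granted, withheld = release_scopes(requested, user_roles)
    if not granted:
        # Choice made in this example: nothing releasable is an error.
        return {"error": "invalid_scope"}
    body = {"access_token": access_token, "token_type": "Bearer"}
    if withheld:
        # RFC 6749 section 5.1: "scope" is REQUIRED when the issued scope
        # differs from what the client requested.
        body["scope"] = " ".join(granted)
    return body


if __name__ == "__main__":
    # Constructed requests: same scopes, different user roles.
    print(token_response("tok-1", ["openid", "courses_read"], ["student"]))
    print(token_response("tok-2", ["openid", "courses_read"], ["staff"]))
```

The resource can then authorize on the presence of `courses_read` alone, as the issue proposes, because a user without the role never receives a token carrying it.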

@jricher
Member

jricher commented Jun 1, 2017

This was considered a while ago in #351 but hasn't been implemented yet, to my knowledge. You'd need to hook into a few different places in the server to make it work. We'd be happy to take a pull request that made this a pluggable function.

@gueuselambix
Author

Hmm, ok, I am not that familiar with the code (yet), but perhaps I will look into that.
Thanks
