Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add proxy middleware to fetch user roles for the token context #114

Closed
butonic opened this issue Jun 19, 2020 · 1 comment
Closed

add proxy middleware to fetch user roles for the token context #114

butonic opened this issue Jun 19, 2020 · 1 comment
Assignees
@refs
Labels
OCIS-Sprint-15 OCIS-Sprint-16 p3-medium

Comments

@butonic
Copy link
Member

butonic commented Jun 19, 2020
edited by exalate-issue-sync bot
Loading

after the account has been determined we need to fetch the roles the account has. should be a dedicated roles middleware.

open design question:

  • should we fetch all roles or can we reduce the scope by looking at the request destination / other properties? if subsequent services need to know about roles in other scopes they can fetch them themself?
  • should we mint all roles into the token?

Open PR: owncloud/ocis-proxy#70

Current Implementation

The middleware fetches all role assignments for the authenticated user and mints their roleIDs into the x-access-token.

Services performing permission checks can then use the RoleManager from ocis-pkg to keep a self-updating local cache of those roles and run permission checks against that RoleManager.
@IljaN
Copy link

IljaN commented Jul 6, 2020

Should we mint all roles into the token?

Not "all" but the once assigned to the user.

@micbar micbar transferred this issue from owncloud/ocis-proxy Jul 20, 2020
@exalate-issue-sync exalate-issue-sync bot changed the title fetch roles from the ocis-setting service add proxy middleware to fetch user roles for the token context Jul 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@refs refs

Labels
OCIS-Sprint-15 OCIS-Sprint-16 p3-medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@IljaN @butonic @refs