Adding example of custom authorization server #67

Open
cedricve opened this issue Nov 29, 2021 · 2 comments

Comments

@cedricve

Hello zalando team,

I was interested in your implementation, and as far as I get it right, the implementation of this repo only covers the resource authorization but not the actual authorization service.

Currently I'm generating JWT tokens using a gin-jwt service. I'm using basic authentication to validate and generate a token; afterwards I'm using that token in Swagger APIs to fetch resources.

Now I would like to use this implementation (well done btw) to leverage more fine-grained access control using scopes. I'm just wondering where to start. I believe a UI would be required to generate new apps (redirect_uri, client id, client secret, name). Afterwards that information can be used to fetch an authorization token and then the access token. Once you have the latter, you can use your implementation to limit requests to their received scoped token.

I'm just wondering what would be the best way to implement the authorization behaviour, or what implementation should be used.

Thanks for everything!
Cedric

@szuecs
Member

szuecs commented Nov 30, 2021

@cedricve you would need an infrastructure or provider that is the authorization server that given a clientID and clientSecret will return JWT tokens. The token would be validated by this middleware handler. There are implementations for Github and Google IDP and our own, but I am also happy to review PRs for other implementations.
Some people tried to use UI logins via GH/Google and there seems to be an issue with sessions #66. If you need this and are able to fix it I am happy to review, merge and publish a release. I don't have time to fix the session issue; in my tests it worked, but I have limited time to check it right now.
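
The flow szuecs describes (an authorization server that takes a clientID and clientSecret and returns a JWT, which the resource-side middleware then validates and checks for scopes) as an added, self-contained Go example. This is not code from this repo or from either participant: it uses only the standard library, assumes an HS256 token signed with a key shared between issuer and resource server, and the client registry, client IDs, secrets and scope names are constructed sample data. It covers the client_credentials grant only; the authorization-code flow with a redirect_uri from the question is not shown.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var signingKey = []byte("example-hmac-key-do-not-use-in-production") // constructed example key; load from a secret store in practice

// Claims carried in the access token; "scope" is space-separated as in RFC 6749.
type Claims struct {
	Sub   string `json:"sub"`
	Scope string `json:"scope"`
	Exp   int64  `json:"exp"`
}

// client is a registered app; secrets are stored hashed so a leaked registry does not leak them.
type client struct {
	secretHash [32]byte
	scopes     map[string]bool // scopes this client may obtain
}

// Constructed sample registration (the data a "create app" UI would write).
var registry = map[string]client{
	"swagger-ui": {sha256.Sum256([]byte("s3cret")), map[string]bool{"cameras:read": true, "cameras:write": true}},
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// sign returns the base64url-encoded HS256 MAC over the JWT signing input.
func sign(signingInput string) string {
	mac := hmac.New(sha256.New, signingKey)
	mac.Write([]byte(signingInput))
	return b64(mac.Sum(nil))
}

// IssueToken is the authorization server side of the client_credentials grant.
func IssueToken(clientID, clientSecret string, requested []string, now time.Time, ttl time.Duration) (string, error) {
	c, ok := registry[clientID]
	presented := sha256.Sum256([]byte(clientSecret))
	// Constant-time compare (against all zeros for an unknown ID), so timing leaks nothing about either.
	if !hmac.Equal(presented[:], c.secretHash[:]) || !ok {
		return "", fmt.Errorf("invalid_client")
	}
	for _, s := range requested { // never grant a scope the registration does not allow
		if !c.scopes[s] {
			return "", fmt.Errorf("invalid_scope: %q", s)
		}
	}
	claims := Claims{Sub: clientID, Scope: strings.Join(requested, " "), Exp: now.Add(ttl).Unix()}
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	body, _ := json.Marshal(claims)
	signingInput := b64(header) + "." + b64(body)
	return signingInput + "." + sign(signingInput), nil
}

// VerifyToken is the resource server side: recompute the MAC before trusting any claim (the header's alg is never consulted), then reject expired tokens.
func VerifyToken(token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	if !hmac.Equal([]byte(sign(parts[0]+"."+parts[1])), []byte(parts[2])) {
		return nil, fmt.Errorf("bad signature")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims Claims
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, err
	}
	if !now.Before(time.Unix(claims.Exp, 0)) {
		return nil, fmt.Errorf("token expired")
	}
	return &claims, nil
}

// HasScope is the per-route check a middleware runs on an already verified token.
func HasScope(c *Claims, want string) bool {
	for _, s := range strings.Fields(c.Scope) {
		if s == want {
			return true
		}
	}
	return false
}

func main() {
	tok, _ := IssueToken("swagger-ui", "s3cret", []string{"cameras:read"}, time.Now(), time.Hour)
	claims, err := VerifyToken(tok, time.Now())
	fmt.Println(err, claims.Scope, HasScope(claims, "cameras:write"))
}
```

The split mirrors the thread: IssueToken is what the missing "authorization service" does behind a token endpoint (POST with grant_type=client_credentials), and VerifyToken plus HasScope is the job szuecs assigns to the middleware. Two points matter for security: the MAC is checked before the payload is decoded, so a tampered scope claim or an alg=none header is rejected without ever being parsed into a trusted structure, and scopes are narrowed to the registration at issue time, so a client cannot request more than the app it was registered as may hold. Swapping HS256 for RS256/ES256 lets the resource server hold only a public key, which is preferable once more than one service validates tokens.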

@cedricve
Author

Great, thanks for helping. Well, we have our own service for authentication (username, password) -> (24h JWT). I'm looking to enhance capabilities (security) by introducing an OAuth layer on top. I will try to bake something during the weekend and get back!
