Add support for determining claims based on rules #39
@halkeye wow, i never thought of this! this is a really cool solution and I can see it being very applicable to future auth backends. |
I'm interested in knowing if govaluate is the right choice vs a Could you write some examples to help me understand how govaluate would look if you wanted to check:
|
I didn't fully understand 3

PS, you need tests so I can add these cases :)

Given the response from oidc server:

```yaml
email: gavin@gavinmogan.com
email_verified: true
family_name: Mogan
foo2:
  - wireguard-admin
given_name: Gavin
group_membership:
  - JellyfinAdministrator
  - NextcloudAdmins
  - NextcloudUsers
  - WireguardAdmins
name: Gavin Mogan
preferred_username: halkeye
sub: something something id
```

The following rules:

```yaml
doesntHaveEmail: "email != 'bill@gates.com'"
isGavin: "given_name == 'Gavin'"
hasEmailVerified: 'email_verified'
isAdmin: "'WireguardAdmins' in group_membership"
isNotAdmin: "!('WireguardAdmins' in group_membership)"
```

produces:

```yaml
- name: doesntHaveEmail
  value: "true"
- name: isGavin
  value: "true"
- name: hasEmailVerified
  value: "true"
- name: isAdmin
  value: "true"
- name: isNotAdmin
  value: "false"
```
|
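An added example, not part of the thread or the project's code: the rules from the comment above evaluated fail-closed, so a missing or mistyped claim yields "false" even under a negation. `evalRule` is a hypothetical standard-library stand-in for govaluate that handles only the rule shapes quoted here; group claims are assumed to arrive as `[]string`, and the fail-closed policy is this example's assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// evalRule: hypothetical stand-in for govaluate; ok is false on a missing or mistyped claim.
func evalRule(expr string, c map[string]interface{}) (bool, bool) {
	expr = strings.TrimSpace(expr)
	if strings.HasPrefix(expr, "!(") && strings.HasSuffix(expr, ")") {
		inner, innerOK := evalRule(expr[2:len(expr)-1], c)
		return innerOK && !inner, innerOK // a failed inner rule must not negate into true
	}
	if l, r, found := strings.Cut(expr, " in "); found {
		list, isList := c[strings.TrimSpace(r)].([]string)
		for _, item := range list {
			if item == strings.Trim(l, " '") {
				return true, true
			}
		}
		return false, isList
	}
	for _, op := range []string{"==", "!="} {
		if l, r, found := strings.Cut(expr, op); found {
			s, isStr := c[strings.TrimSpace(l)].(string)
			return isStr && (s == strings.Trim(r, " '")) == (op == "=="), isStr
		}
	}
	b, isBool := c[expr].(bool)
	return isBool && b, isBool
}

// DeriveClaims maps rule name to "true"/"false"; a rule that cannot be evaluated is "false".
func DeriveClaims(rules map[string]string, c map[string]interface{}) map[string]string {
	out := map[string]string{}
	for name, expr := range rules {
		v, ok := evalRule(expr, c)
		out[name] = fmt.Sprint(ok && v)
	}
	return out
}

func main() { // constructed sample: two of the thread's rules, with and without the claim
	rules := map[string]string{"isAdmin": "'WireguardAdmins' in group_membership",
		"isNotAdmin": "!('WireguardAdmins' in group_membership)"}
	claims := map[string]interface{}{"group_membership": []string{"WireguardAdmins"}}
	fmt.Println(DeriveClaims(rules, claims), DeriveClaims(rules, map[string]interface{}{}))
}
```

With `group_membership` absent, both `isAdmin` and `isNotAdmin` come out "false", which is the case to cover in tests for any rule written as a negation.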
@halkeye cool; i think we should merge this feature using this approach. I'd like to refactor so that we can have backends set Claims on the Identity struct when calling

The reason I want to refactor this is so that the provider implementation is simple - i.e. just need to pass claims from OIDC/LDAP/Other to the Identity (no logic)

I've got a little side mission to keep the auth layer general so i can break it out into its own library at some stage 😃 |
\o/ Feel free to let me know how I can help, but totally cool with whatever you end up doing with the code. This setup works for me, I have no idea what works for others. |
e4b5f3e to f1454e0
It's been a couple weeks now. Any idea what your plan is? Do you have changes you want to make? Or are you going to merge and make them? I want to redeploy soon and would love these two merged |
@halkeye i'll get to this one soon as well. |
@halkeye this is now up as 0.2.0-rc7 with the SQL change as well. Let me know if it's all working for you. If you're happy then i'll put it up as a 0.2.0. |
…le-eng/grpc-web-0.15.0
So a version that solves #34
I like govaluate rules, it's super flexible
Hopefully this works