AuthZ: Add IAuthorizationRequirementData #44551
Labels
api-approved
API was approved in API review, it can be implemented
area-auth
Includes: Authn, Authz, OAuth, OIDC, Bearer
blog-candidate
Consider mentioning this in the release blog post
Done
This issue has been fixed
enhancement
This issue represents an ask for new feature or an enhancement to an existing one
✔️ Resolution: Fixed
The bug or enhancement requested in this issue has been checked-in!
Milestone
Background and Motivation
We want to make it easier to attribute endpoints to add additional requirements for authorization. This interface will help by letting metadata or custom attributes specify requirements which will automatically get combined with other existing authorization mechanisms. Note the presence of IAuthorizationRequirementData metadata will be treated similar to IAuthorizeData, meaning its considered opting in for authorization (but it does not automatically bring in the default policy, see examples)
Proposed API
Usage Examples
Example 1: Derive from Authorize attribute without specifying a policy to customize the default policy by adding arbitrary requirements, i.e.
Example 2: Fully specify the requirements without interacting with default policy (no authorize attribute), i.e. only allow authorization on Tuesdays
Alternative Designs
Decided against allowing specification of a fully policy to minimize the complexity of how it combines with existing methods of producing policies, as its trivial to combine additional requirements (always safe to combine)
Risks
New way to opt into authorization where before only [Authorize]/
IAuthorizeData
was used to require authorization.The text was updated successfully, but these errors were encountered: