Authentication & authorization example #475
Hello @mbnoimi We have several authorisation examples in our tests. For simple basic authorization you only need to do two things:

### Authorization Infrastructure

Authorization in Oat++ requires two classes: When a request to an authorization-enabled endpoint is received. The request is first directed to the Oat++ ships with two very simple However, you can implement your own

### Simple Basic-Authorization

#### 1: Set Authorization Handler

The simplest way is to use the default

```cpp
MyController(const std::shared_ptr<ObjectMapper>& objectMapper)
  : oatpp::web::server::api::ApiController(objectMapper)
{
  // Use default BasicAuthorizationHandler for this controller.
  setDefaultAuthorizationHandler(std::make_shared<oatpp::web::server::handler::BasicAuthorizationHandler>("default-test-realm"));
}
```

#### 2: Enable Authorization for your Endpoint

To enable Authorization for an Endpoint, you need to add a

```cpp
ENDPOINT("GET", "auth", myAuthorizedEndpoint,
         AUTHORIZATION(std::shared_ptr<oatpp::web::server::handler::DefaultBasicAuthorizationObject>, authObject)) {
  // authObject contains userId and password retrieved from the request headers.
  // Implement your own logic to check those credentials
  auto dto = TestDto::createShared();
  dto->testValue = authObject->userId + ":" + authObject->password;
  if(dto->testValue == "foo:bar") {
    return createDtoResponse(Status::CODE_200, dto);
  } else {
    return createDtoResponse(Status::CODE_401, dto);
  }
}
```

Now you have a very simple authorization for your endpoint but have to check the credentials in every endpoint. Custom
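An added example, not part of the thread and not oatpp code: a standalone C++ version of the steps a Basic authorization check involves under RFC 7617 (decode the header, split at the first colon, compare without an early exit). All function names are hypothetical, and the credentials `foo`/`bar` are the test values from the comment above.

```cpp
#include <cstdint>
#include <string>

// Decode standard base64 (RFC 4648) into out; returns false on an invalid character.
bool b64decode(const std::string& in, std::string& out) {
  static const std::string tbl =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  std::uint32_t buf = 0; int bits = 0;
  for (char c : in) {
    if (c == '=') break;  // padding ends the payload
    std::size_t pos = tbl.find(c);
    if (pos == std::string::npos) return false;
    buf = (buf << 6) | static_cast<std::uint32_t>(pos);
    bits += 6;
    if (bits < 8) continue;  // not enough bits for a full byte yet
    bits -= 8;
    out.push_back(static_cast<char>((buf >> bits) & 0xFF));
  }
  return true;
}

// Split "Basic <base64(user:pass)>" at the first ':'; the password may contain ':'.
bool parseBasic(const std::string& header, std::string& user, std::string& pass) {
  const std::string scheme = "Basic ";  // matched case-sensitively for brevity
  std::string decoded;
  if (header.compare(0, scheme.size(), scheme) != 0) return false;
  if (!b64decode(header.substr(scheme.size()), decoded)) return false;
  std::size_t colon = decoded.find(':');
  if (colon == std::string::npos) return false;
  user = decoded.substr(0, colon);
  pass = decoded.substr(colon + 1);
  return true;
}

// Compare without an early exit, so timing does not reveal how many bytes matched.
bool constantTimeEquals(const std::string& a, const std::string& b) {
  unsigned char diff = (a.size() == b.size()) ? 0 : 1;
  for (std::size_t i = 0; i < a.size(); ++i)
    diff |= static_cast<unsigned char>(a[i] ^ b[i % (b.size() + 1)]);
  return diff == 0;
}

// Constructed credentials; a real service would verify a stored password hash.
bool authorize(const std::string& header) {
  std::string user, pass;
  if (!parseBasic(header, user, pass)) return false;
  bool userOk = constantTimeEquals(user, "foo");
  bool passOk = constantTimeEquals(pass, "bar");
  return userOk && passOk;  // both comparisons already ran
}
```

The comparison still reveals whether the lengths differ, and the check returns only a boolean, so the submitted password is never copied into a response body.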
Can you also provide an example how to use the AUTHORIZATION macro with the API_CLIENT? I figured it out for ENDPOINTS (controller) but not for CLIENTS. I also found no example in github for this :(
Hello @beuschl , You can find examples in oatpp tests here - https://github.com/oatpp/oatpp/blob/master/test/oatpp/web/app/Client.hpp#L67

```cpp
API_CALL("GET", "default-basic-authorization", defaultBasicAuthorization, AUTHORIZATION_BASIC(String, authString))
API_CALL("GET", "default-basic-authorization", defaultBasicAuthorizationWithoutHeader)
API_CALL("GET", "basic-authorization", customBasicAuthorization, AUTHORIZATION_BASIC(String, authString))
API_CALL("GET", "basic-authorization", customBasicAuthorizationWithoutHeader)
API_CALL("GET", "bearer-authorization", bearerAuthorization, AUTHORIZATION(String, authString, "Bearer"))
```
This works great for creating a handler for a token or simply verifying a userid/password, but what about adding roles/permissions to the Authorization macro on each endpoint? i.e. using .Net as a pattern to show what I mean. https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-6.0 We can obviously check roles/permissions inside the handler, but need a way to assign them to the endpoints since the authorize method is being overridden. example:
Just trying to come up with a clean and easy way to add them to each endpoint in the controllers. If we can tell which method/endpoint is calling the handler, we can probably just have them mapped in the database and look them up that way.
Does Oat++ have a social authentication provider? Like for oauth2, Facebook, Google, etc. Thanks
Most of the common examples in web frameworks are Authentication & authorization examples (e.g. Django examples).
Could you please add some examples regarding that.