Qonfucius SSO Utility
qonfucius-sso-utility is a simple tool to implement Qonfucius's SSO and handle token and scope verification on your back-end resource web app.
Features
To be able to use UtilityError as an actix-web response error you need to enable the following actix feature:
qonfucius-sso-utility = { version = "0.1.0-alpha", features = ["actix"] }
Be warned that the current implementation maps errors to responses as follows:
ParsingError will render a StatusCode::INTERNAL_SERVER_ERROR (500)
TokenError will render a StatusCode::UNAUTHORIZED (401)
ScopeError will render a StatusCode::FORBIDDEN (403)
It can work for you, but we highly recommend a custom implementation on your side.
Environment variables
Name | Description |
---|---|
SSO_URI | URL of the SSO instance |
SSO_SELF_DOMAIN | Domain of your application to identify your scopes |
Setup
After installation you need to define a Scoped Resource type, usually an enum that implements the following traits:
Eq
Hash
Clone
Debug
FromStr
Example
This is the definition used in one of our own APIs.
use UtilityError;
Once your type is declared you can use it as the T value of Scope<T>
Scopes
When you verify a token the scope will look like this:
The env var SELF_SSO_DOMAIN will define which subset to use, and the scopes will be parsed. Each scope looks like this: $RESOURCE::$ACL. While the $ACL is either write or read, the $RESOURCE is for you to define like we showed earlier.
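The $RESOURCE::$ACL format parsed into a typed set, as an added example that is not the crate's own code or API. The Resource variants, Acl, parse_scope and parse_scopes are hypothetical names, the scope strings are constructed, and it is assumed that write does not imply read.

```rust
use std::collections::HashSet;
use std::hash::Hash;
use std::str::FromStr;

// Hypothetical Scoped Resource type carrying the traits listed under Setup.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub enum Resource { Users, Invoices }

impl FromStr for Resource {
    type Err = String;
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        match s {
            "users" => Ok(Resource::Users),
            "invoices" => Ok(Resource::Invoices),
            other => Err(format!("unknown resource: {other}")),
        }
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum Acl { Read, Write }

// Parse one `$RESOURCE::$ACL` entry; malformed input is rejected, never defaulted.
pub fn parse_scope<T: FromStr>(raw: &str) -> Result<(T, Acl), String> {
    let (res, acl) = raw.split_once("::").ok_or_else(|| format!("malformed scope: {raw}"))?;
    let acl = match acl {
        "read" => Acl::Read,
        "write" => Acl::Write,
        other => return Err(format!("unknown ACL: {other}")),
    };
    let res = res.parse::<T>().map_err(|_| format!("unknown resource in: {raw}"))?;
    Ok((res, acl))
}

// Fail closed: a single bad entry invalidates the whole scope list.
pub fn parse_scopes<T: FromStr + Eq + Hash>(raws: &[&str]) -> Result<HashSet<(T, Acl)>, String> {
    raws.iter().map(|r| parse_scope::<T>(r)).collect()
}

fn main() {
    // Constructed sample scopes, not real token contents.
    let granted = parse_scopes::<Resource>(&["users::read", "invoices::write"]).unwrap();
    println!("users read: {}", granted.contains(&(Resource::Users, Acl::Read)));
    println!("users write: {}", granted.contains(&(Resource::Users, Acl::Write)));
    println!("bad entry: {:?}", parse_scopes::<Resource>(&["users::admin"]));
}
```
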
Steps
To verify a token and access authorized scopes the steps are the following:
async