[−][src]Crate qonfucius_sso_utility
Qonfucius SSO Utility
qonfucius-sso-utility
is a simple tool to implement Qonfucius's SSO and handle token and scope verification on your back-end resource web app.
Environment variables
Name | Description |
---|---|
SSO_URI | URL of the SSO instance |
SSO_SELF_DOMAIN | Domain of your application to identify your scopes |
Setup
After installation you need to define a Scoped Resource type, usually an enum
that implements the following traits:
Eq
Hash
Clone
Debug
FromStr
Example
This is the definition used in one of our own API.
use qonfucius_sso_utility::UtilityError; use std::str::FromStr; #[derive(Clone, Debug, PartialEq, Hash, Eq)] pub enum ScopedResource { Content, ContentSchema, Media, } impl FromStr for ScopedResource { type Err = UtilityError; fn from_str(s: &str) -> Result<Self, Self::Err> { match s.to_lowercase().as_str() { "content" => Ok(Self::Content), "content_schema" => Ok(Self::ContentSchema), "media" => Ok(Self::Media), _ => Err(UtilityError::ParsingError(String::from( r#"Scoped Resource part must be 'content', 'content_schema' or 'media"#, ))), } } }
Once your type is declared you can use it as the T
value of Scope<T>
Scopes
When you verify a token the scope
will look like this:
{
"scopes": {
"my_domain": ["content::read", "notifications::write", "medias::write"],
"not_my_domain": ["some_resource::read", "stuff::write"]
}
}
The env var SELF_SSO_DOMAIN
will define which subset to use, and the scopes will be parsed. Each scope looks like this:
$RESOURCE::$ACL
.
While the $ACL
is either write
or read
, the $RESOURCE
is for you to define like we showed earlier.
Steps
To verify a token and access authorized scopes the steps are the following:
async fn main() { let token = "TokenToCheck"; // Calls the SSO to verify the token and retrieves the `Token` response let token_response = Token::verify_token(&token).await.unwrap(); // Parse the scopes matching your domain (`SSO_SELF_DOMAIN`) let scope: Scope<ScopedResource> = token_response.parse_scope().unwrap(); // you can now use the `Scope<T>` object to handle your authorizations }
Modules
scope | Scope handling module |
Structs
Token | Representation of the SSO response on a successful token verification |
User | User representation as rendered by the SSO on access token verification success |
Enums
UtilityError | The crate error enum |
Traits
AuthorizeScope | Utility Trait to handle ACL from a type to an other through a custom |