Trait wasmcloud_host::Authorizer
pub trait Authorizer: CloneAuthorizer + Sync + Send {
    fn can_load(&self, claims: &Claims<Actor>) -> bool;
    fn can_invoke(
        &self,
        claims: &Claims<Actor>,
        target: &WasmCloudEntity,
        operation: &str
    ) -> bool;
}
An authorizer is responsible for determining whether an actor can be loaded as well as whether an actor can invoke another entity. For invocation checks, the authorizer is only ever invoked after an initial capability attestation check has been performed and passed. This has the net effect of making it impossible to override the base behavior of checking that an actor’s embedded JWT contains the right capability attestations.
Required methods
This check is performed during the start_actor call, allowing the custom authorizer to do things like verify a provenance chain, make external calls, etc.
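The following is an added example, not code from the wasmcloud_host crate: a fail-closed authorizer that loads only actors signed by a trusted issuer and limits actor-to-actor calls to an allow-list. The Claims, Actor and WasmCloudEntity definitions are simplified stand-ins so the block compiles without the crates, the trait is repeated without its supertraits, and IssuerAllowList, sample_policy, claims_from and all key values are hypothetical, constructed names.

```rust
use std::collections::HashSet;

// Simplified stand-ins (assumptions) for the real Claims/Actor/WasmCloudEntity
// types, reduced to what this example reads so it compiles without the crates.
pub struct Actor;
pub struct Claims<T> { pub issuer: String, pub metadata: Option<T> }
pub enum WasmCloudEntity {
    Actor(String),
    Capability { id: String, contract_id: String, link_name: String },
}
// Same method signatures as the trait documented above; supertraits omitted.
pub trait Authorizer {
    fn can_load(&self, claims: &Claims<Actor>) -> bool;
    fn can_invoke(&self, claims: &Claims<Actor>, target: &WasmCloudEntity, operation: &str) -> bool;
}

/// Hypothetical policy: trusted issuers only, explicit actor-to-actor allow-list.
#[derive(Clone)]
pub struct IssuerAllowList {
    pub trusted_issuers: HashSet<String>,
    pub callable_actors: HashSet<String>,
}

impl Authorizer for IssuerAllowList {
    fn can_load(&self, claims: &Claims<Actor>) -> bool {
        // Fail closed: an issuer that is not listed is rejected.
        self.trusted_issuers.contains(&claims.issuer)
    }
    fn can_invoke(&self, claims: &Claims<Actor>, target: &WasmCloudEntity, _op: &str) -> bool {
        if !self.trusted_issuers.contains(&claims.issuer) { return false; }
        match target {
            // The host has already passed the capability attestation check
            // before calling the authorizer, so nothing is added for providers.
            WasmCloudEntity::Capability { .. } => true,
            WasmCloudEntity::Actor(id) => self.callable_actors.contains(id),
        }
    }
}

// Constructed sample policy and claims (placeholder keys, not real nkeys).
pub fn sample_policy() -> IssuerAllowList {
    IssuerAllowList {
        trusted_issuers: vec!["ACONSTRUCTED_TRUSTED".to_string()].into_iter().collect(),
        callable_actors: vec!["MCONSTRUCTED_PEER".to_string()].into_iter().collect(),
    }
}
pub fn claims_from(issuer: &str) -> Claims<Actor> { Claims { issuer: issuer.to_string(), metadata: None } }

fn main() {
    println!("load trusted: {}", sample_policy().can_load(&claims_from("ACONSTRUCTED_TRUSTED")));
}
```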