Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: added allow_if authorizer #1034

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: added allow_if authorizer #1034

wants to merge 1 commit into from

Conversation

akselleirv
Copy link

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.

Will update these as soon I'm close to an approval.

Further Comments

@CLAassistant
Copy link

CLAassistant commented Nov 15, 2022
edited

CLA assistant check
All committers have signed the CLA.

@codecov
Copy link

codecov bot commented Nov 15, 2022
edited

Codecov Report

Merging #1034 (fc8bf74) into master (f363b3a) will increase coverage by 0.03%.
The diff coverage is 81.81%.

@@            Coverage Diff             @@
##           master    #1034      +/-   ##
==========================================
+ Coverage   78.70%   78.73%   +0.03%     
==========================================
  Files          83       84       +1     
  Lines        3869     3913      +44     
==========================================
+ Hits         3045     3081      +36     
- Misses        554      559       +5     
- Partials      270      273       +3
Impacted Files Coverage Δ
pipeline/authz/authorizer_allow_if.go 81.81% <81.81%> (ø)

@aeneasr
Copy link
Member

aeneasr commented Nov 16, 2022

Thank you for the PR! Could you please summarize what this feature does and how it works? Thank you! :)

@akselleirv
Copy link
Author

Thank you for the PR! Could you please summarize what this feature does and how it works? Thank you! :)

Hello @aeneasr,

One use-case I have is that I want to check if the JWT has the expected subject. For example, one of the rules I have only permits a user which has the sub field set to some value.

An example config would look like:

- id: check-sub
  upstream:
    url: https://example.com
  match:
    url: https://example.com
    methods:
      - GET
      - POST
  authenticators:
    - handler: jwt
      config:
        allowed_algorithms:
          - RS256
        jwks_urls:
          - https://example.com
        trusted_issuers:
          - https://example.com
        token_from:
          header: X-Id-Token
        target_audience: []
  authorizer:
    - handler: allow_if
      config:
        key: "{{ .Subject }}"
        op: Equals
        value: aeneasr

Another use-case would be to check if some header equals a value:

  authorizer:
    - handler: allow_if
      config:
        key: "{{ .Header.some-key }}"
        op: Equals
        value: some-value

@akselleirv
Copy link
Author

@aeneasr do you have time to look at this again?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr Awaiting requested review from aeneasr aeneasr is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@akselleirv @CLAassistant @aeneasr