38 changes: 24 additions & 14 deletions api/grpc/auth/v1/auth.pb.go


8 changes: 4 additions & 4 deletions auth/api/grpc/auth/client.go
Expand Up @@ -57,7 +57,7 @@ func (client authGrpcClient) Authenticate(ctx context.Context, token *grpcAuthV1
return &grpcAuthV1.AuthNRes{}, grpcapi.DecodeError(err)
}
ir := res.(authenticateRes)
return &grpcAuthV1.AuthNRes{Id: ir.id, UserId: ir.userID, UserRole: uint32(ir.userRole), Verified: ir.verified}, nil
return &grpcAuthV1.AuthNRes{Id: ir.id, UserId: ir.userID, UserRole: uint32(ir.userRole), Verified: ir.verified, TokenType: ir.tokenType}, nil
}

func encodeIdentifyRequest(_ context.Context, grpcReq any) (any, error) {
Expand All @@ -67,7 +67,7 @@ func encodeIdentifyRequest(_ context.Context, grpcReq any) (any, error) {

func decodeIdentifyResponse(_ context.Context, grpcRes any) (any, error) {
res := grpcRes.(*grpcAuthV1.AuthNRes)
return authenticateRes{id: res.GetId(), userID: res.GetUserId(), userRole: auth.Role(res.UserRole), verified: res.GetVerified()}, nil
return authenticateRes{id: res.GetId(), userID: res.GetUserId(), userRole: auth.Role(res.UserRole), verified: res.GetVerified(), tokenType: res.GetTokenType()}, nil
}

func (client authGrpcClient) Authorize(ctx context.Context, req *grpcAuthV1.AuthZReq, _ ...grpc.CallOption) (r *grpcAuthV1.AuthZRes, err error) {
Expand All @@ -90,6 +90,7 @@ func (client authGrpcClient) Authorize(ctx context.Context, req *grpcAuthV1.Auth
}
} else if pat := req.GetPat(); pat != nil {
authReqData = authReq{
TokenType: pat.GetTokenType(),
UserID: pat.GetUserId(),
PatID: pat.GetPatId(),
EntityType: auth.EntityType(pat.GetEntityType()),
Expand All @@ -116,11 +117,11 @@ func decodeAuthorizeResponse(_ context.Context, grpcRes any) (any, error) {
func encodeAuthorizeRequest(_ context.Context, grpcReq any) (any, error) {
req := grpcReq.(authReq)

// Check if this is a PAT request (has PatID) or policy request
if req.PatID != "" {
return &grpcAuthV1.AuthZReq{
AuthType: &grpcAuthV1.AuthZReq_Pat{
Pat: &grpcAuthV1.PATReq{
TokenType: req.TokenType,
UserId: req.UserID,
PatId: req.PatID,
EntityType: uint32(req.EntityType),
Expand All @@ -132,7 +133,6 @@ func encodeAuthorizeRequest(_ context.Context, grpcReq any) (any, error) {
}, nil
}

// Otherwise, it's a policy request
return &grpcAuthV1.AuthZReq{
AuthType: &grpcAuthV1.AuthZReq_Policy{
Policy: &grpcAuthV1.PolicyReq{
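Review bot: In `decodeIdentifyResponse`, `res.GetTokenType()` yields the protobuf zero value when the peer never set the field, so an unset token type cannot be told apart from whichever constant equals 0. The values of `auth.AccessTokenType` and `auth.PersonalAccessTokenType` are not visible on this page; if the access-token constant is 0, a reply from an auth service that predates the field would decode as an access token even when the credential was a PAT, and any caller that uses `tokenType` to decide whether PAT scope checks apply would be working from the wrong label. Consider reserving 0 as "unspecified" and rejecting it at this boundary, or at least stating the assumption in a comment above the return, e.g. `// tokenType 0 is what a server without this field sends`. The function bodies in this section start or end outside the hunks.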
7 changes: 6 additions & 1 deletion auth/api/grpc/auth/endpoint.go
Expand Up @@ -23,7 +23,12 @@ func authenticateEndpoint(svc auth.Service) endpoint.Endpoint {
return authenticateRes{}, err
}

return authenticateRes{id: key.ID, userID: key.Subject, userRole: key.Role, verified: key.Verified}, nil
tokenType := auth.AccessTokenType
if key.Type == auth.PersonalAccessToken {
tokenType = auth.PersonalAccessTokenType
}

return authenticateRes{id: key.ID, userID: key.Subject, userRole: key.Role, verified: key.Verified, tokenType: tokenType}, nil
}
}
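Review bot: The new mapping in `authenticateEndpoint` labels every key whose `Type` is not `auth.PersonalAccessToken` as `auth.AccessTokenType`, so the less restricted label is the fallback rather than an explicit match. If `key.Type` can take other values (the full set is not visible in this hunk), those credentials would reach callers labelled as ordinary access tokens. A `switch key.Type` that names the access-key case explicitly and returns an error from `default` would make an unexpected type fail closed; if the fallback is intended, a comment such as `// every non-PAT key type is reported as an access token` would record that. The start of the function lies outside the hunk.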

12 changes: 6 additions & 6 deletions auth/api/grpc/auth/endpoint_test.go
Expand Up @@ -71,7 +71,7 @@ func TestIdentify(t *testing.T) {
desc: "authenticate user with valid user token",
token: validToken,
key: auth.Key{ID: "", Subject: id, Role: auth.UserRole},
idt: &grpcAuthV1.AuthNRes{UserId: id, UserRole: uint32(auth.UserRole)},
idt: &grpcAuthV1.AuthNRes{UserId: id, UserRole: uint32(auth.UserRole), TokenType: auth.AccessTokenType},
err: nil,
},
{
Expand All @@ -92,7 +92,7 @@ func TestIdentify(t *testing.T) {
desc: "authenticate user with valid PAT token",
token: "pat_" + validPATToken,
key: auth.Key{ID: id, Type: auth.PersonalAccessToken, Subject: clientID, Role: auth.UserRole},
idt: &grpcAuthV1.AuthNRes{Id: id, UserId: clientID, UserRole: uint32(auth.UserRole)},
idt: &grpcAuthV1.AuthNRes{Id: id, UserId: clientID, UserRole: uint32(auth.UserRole), TokenType: auth.PersonalAccessTokenType},
err: nil,
},
{
Expand Down Expand Up @@ -268,7 +268,7 @@ func TestAuthorize(t *testing.T) {
PatId: id,
EntityType: uint32(auth.ClientsType),
OptionalDomainId: domainID,
Operation: uint32(auth.CreateOp),
Operation: uint32(auth.ClientCreateOp),
EntityId: clientID,
},
},
Expand All @@ -286,7 +286,7 @@ func TestAuthorize(t *testing.T) {
PatId: id,
EntityType: uint32(auth.ClientsType),
OptionalDomainId: domainID,
Operation: uint32(auth.CreateOp),
Operation: uint32(auth.ClientCreateOp),
EntityId: clientID,
},
},
Expand All @@ -303,7 +303,7 @@ func TestAuthorize(t *testing.T) {
PatId: id,
EntityType: uint32(auth.ClientsType),
OptionalDomainId: domainID,
Operation: uint32(auth.CreateOp),
Operation: uint32(auth.ClientCreateOp),
EntityId: clientID,
},
},
Expand All @@ -321,7 +321,7 @@ func TestAuthorize(t *testing.T) {
PatId: id,
EntityType: uint32(auth.ClientsType),
OptionalDomainId: domainID,
Operation: uint32(auth.CreateOp),
Operation: uint32(auth.ClientCreateOp),
},
},
},
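Review bot: The `TestAuthorize` PAT cases are touched only for the `ClientCreateOp` rename; none of the six added lines in this file sets `TokenType` on a PAT request, so the new field's path through `decodeAuthorizeRequest` appears to be exercised only with its zero value. A case that sends `TokenType: auth.PersonalAccessTokenType` and asserts the value reaches the service, plus one with an unexpected value, would pin the intended behaviour. `TestIdentify` likewise covers only the two success mappings; a key of some other type would document what the fallback in `authenticateEndpoint` is meant to return. The table entries begin outside the hunks, so fields set above the context lines are not visible.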
9 changes: 5 additions & 4 deletions auth/api/grpc/auth/responses.go
Expand Up @@ -6,10 +6,11 @@ package auth
import smqauth "github.com/absmach/supermq/auth"

type authenticateRes struct {
id string
userID string
userRole smqauth.Role
verified bool
id string
userID string
userRole smqauth.Role
verified bool
tokenType uint32
}

type authorizeRes struct {
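Review bot: `tokenType` is declared as a bare `uint32` next to `userRole smqauth.Role`, so nothing in `authenticateRes` says which values are valid. A field comment such as `// tokenType is smqauth.AccessTokenType or smqauth.PersonalAccessTokenType` would help readers and reviewers of later changes. A named type in the auth package would let the compiler catch a mixed-up integer, though whether that fits the `uint32` proto field is a design call.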
3 changes: 2 additions & 1 deletion auth/api/grpc/auth/server.go
Expand Up @@ -60,7 +60,7 @@ func decodeAuthenticateRequest(_ context.Context, grpcReq any) (any, error) {

func encodeAuthenticateResponse(_ context.Context, grpcRes any) (any, error) {
res := grpcRes.(authenticateRes)
return &grpcAuthV1.AuthNRes{Id: res.id, UserId: res.userID, UserRole: uint32(res.userRole), Verified: res.verified}, nil
return &grpcAuthV1.AuthNRes{Id: res.id, UserId: res.userID, UserRole: uint32(res.userRole), Verified: res.verified, TokenType: res.tokenType}, nil
}

func decodeAuthorizeRequest(_ context.Context, grpcReq any) (any, error) {
Expand All @@ -80,6 +80,7 @@ func decodeAuthorizeRequest(_ context.Context, grpcReq any) (any, error) {
}
if pat := req.GetPat(); pat != nil {
return authReq{
TokenType: pat.GetTokenType(),
UserID: pat.GetUserId(),
PatID: pat.GetPatId(),
EntityType: auth.EntityType(pat.GetEntityType()),
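Review bot: In the PAT branch of `decodeAuthorizeRequest`, `TokenType` is copied from the request as sent, next to `UserID` and `PatID`, and nothing in the visible lines checks that it is the PAT value. This branch is reached only when `req.GetPat()` is non-nil, so any other token type contradicts the message; consider rejecting the request with the package's invalid-request error when `pat.GetTokenType() != auth.PersonalAccessTokenType`, or ignoring the field and setting the constant here. The client side has the same gap: `Authorize` copies `pat.GetTokenType()` unchanged, and `encodeAuthorizeRequest` in client.go still picks the PAT branch on `req.PatID != ""`, so the two discriminators can disagree. The function continues past the hunk, so a later check may exist that is not shown.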