Granular scope #1
Comments
I made a patch there: http://goo.gl/FH7O0
I made another version that has more appropriate use and nomenclature, IMHO, here: http://goo.gl/HfW7j

There is an optional scope_match parameter (default is 'full', which behaves as usual) that can be set to 'intersect'; then, if there is one or more matching access range, the authenticator passes validation and fills the .authorized_scope_intersect attribute with the intersected scope.

>>> scope = AccessRange.objects.filter(key__in=["date_joined", "last_login"])
>>> authenticator = Authenticator(request, scope=scope, scope_match='intersect')
>>> authenticator.validate()  # Assume the client only has access to 'date_joined': the validation will pass…
>>> authenticator.authorized_scope_intersect  # …and this attribute value will be:
set([u'date_joined'])

What do you think about this? It sounds OK to me, I'll use it this way, unless there is a misconception…?

Camille.
Previous patch was against the easy_install package, this one is for the latest git commit: http://goo.gl/jJiWy
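The 'full' versus 'intersect' matching described in the comments above, as an added stand-alone example (not the project's code and not the linked patch). `authorize_scope`, `render_user`, `InsufficientScope` and the sample data are hypothetical names constructed for illustration; the point is that an empty overlap must still fail and that the response is built only from the intersected scope.

```python
# Added illustration; not the project's code. All names here are hypothetical.

class InsufficientScope(Exception):
    """Raised when the token's scope does not satisfy the resource."""


def authorize_scope(requested, granted, scope_match="full"):
    """Return the set of scope keys the caller may act on.

    'full'      -> every requested key must be granted (usual behaviour).
    'intersect' -> at least one requested key must be granted, and only
                   the overlap is returned.
    """
    requested, granted = set(requested), set(granted)
    if scope_match == "full":
        if not requested <= granted:
            raise InsufficientScope(sorted(requested - granted))
        return requested
    if scope_match == "intersect":
        overlap = requested & granted
        if not overlap:  # no common access range: reject, never return all
            raise InsufficientScope(sorted(requested))
        return overlap
    raise ValueError("unknown scope_match: %r" % scope_match)


def render_user(user, authorized_scope):
    """Serialize only the fields covered by the authorized scope."""
    return {key: user[key] for key in sorted(authorized_scope) if key in user}


# Constructed sample data.
USER = {"date_joined": "2011-05-02", "last_login": "2011-06-30",
        "email": "c@example.org"}
RESOURCE_SCOPE = ["date_joined", "last_login"]  # what the resource can expose
TOKEN_SCOPE = ["date_joined"]                   # what the client was granted

if __name__ == "__main__":
    scope = authorize_scope(RESOURCE_SCOPE, TOKEN_SCOPE, scope_match="intersect")
    print(render_user(USER, scope))
```

Because the returned set is always a subset of what the resource asked for, a token that also holds unrelated ranges (such as `email` here) does not widen the response.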
Support client_secret authentication in POST body in password flow as wel
Hi, thanks a lot for this great app!
I wonder if it would be possible/expedient to validate an authentication if it matches one or more access ranges?
For example, I have a resource that provides information about users; I will want to slice the given information regarding the access rights the client has, instead of rejecting it because it doesn't have access to the whole access range:
E.g:
Thus, regarding the returned .authorized_sub_scope set, I can return the user's email and/or name.
If this is a proper approach to do so, it would be very useful for my case, and maybe others'. What do you think?
Camille.