Authorize
Authorize{#Authorize}
authorize(params) {#authorize}⇒ authorizationSuccessResult
| authorizationErrorResult
authorizationSuccessResult
| authorizationErrorResult
Main authorization function
Consists of the following steps:
If token is missing and endpoint is open, authorize request.
Validate and decode service token.
If servieToken exists and endpoint is open, authorize request.
Try to authorize using serviceAdmin.
Build auth params and check if service token exists.
Authorize organization.
Authorize using optional accessRules.
Returns: authorizationSuccessResult
| authorizationErrorResult
- Either returns an authorizeSuccessResult object or an authorizationErrorResult object
params
Object
Required -
params.authParams
AccessRule
Required - Object with auth parameters from the request
params.unverifiedServiceToken
string
Required - Unverified service token in JWT format
params.serviceTokenSignSecret
string
Required - The secret the unverified token should be validated with
params.request
Object
Required - The request object to be made availbable in authParams
The result object returnd if the authorization was successful
result
Object
Required -
result.credentials
Object
Required -
result.credentials.serviceToken
Object
Required - Decoded service token used to authorize the request
result.artifacts
Object
Required -
result.artifacts.reason
string
Required - Why the request was authorized
result.artifacts.authenticationParameters
Array.<Object>
Required - The built authorization parameters used to authorize the request
result.artifacts.matchingAccessRules
Array.<Object>
Required - The built access rules that matched the provided token
result.artifacts.matchingServiceAdmin
Object
Required - If the token matched a service admin rule
The error object returned if the authorization failed.
Returns either Unauthoried, AccessDenied or ConfigError
result
Object
Required -
result.err
Errors
| UnauthorizedErrorsAccessDenied
| Errors~ConfigError
Required - The error thrown during authorization
Last updated