Authorize

Authorize{#Authorize}

authorize(params) {#authorize}⇒ authorizationSuccessResult | authorizationErrorResult

Main authorization function

Consists of the following steps:

  1. If token is missing and endpoint is open, authorize request.

  2. Validate and decode service token.

  3. If servieToken exists and endpoint is open, authorize request.

  4. Try to authorize using serviceAdmin.

  5. Build auth params and check if service token exists.

  6. Authorize organization.

  7. Authorize using optional accessRules.

Returns: authorizationSuccessResult | authorizationErrorResult - Either returns an authorizeSuccessResult object or an authorizationErrorResult object

Param
Type
Description

params

Object

Required -

params.authParams

AccessRule

Required - Object with auth parameters from the request

params.unverifiedServiceToken

string

Required - Unverified service token in JWT format

params.serviceTokenSignSecret

string

Required - The secret the unverified token should be validated with

params.request

Object

Required - The request object to be made availbable in authParams

The result object returnd if the authorization was successful

Param
Type
Description

result

Object

Required -

result.credentials

Object

Required -

result.credentials.serviceToken

Object

Required - Decoded service token used to authorize the request

result.artifacts

Object

Required -

result.artifacts.reason

string

Required - Why the request was authorized

result.artifacts.authenticationParameters

Array.<Object>

Required - The built authorization parameters used to authorize the request

result.artifacts.matchingAccessRules

Array.<Object>

Required - The built access rules that matched the provided token

result.artifacts.matchingServiceAdmin

Object

Required - If the token matched a service admin rule

The error object returned if the authorization failed.

Returns either Unauthoried, AccessDenied or ConfigError

Param
Type
Description

result

Object

Required -

result.err

ErrorsUnauthorized | ErrorsAccessDenied | Errors~ConfigError

Required - The error thrown during authorization

Last updated