Authorize

Authorize{#Authorize}

authorize(params) {#authorize}⇒ `authorizationSuccessResult` | `authorizationErrorResult`

Main authorization function

Consists of the following steps:

If token is missing and endpoint is open, authorize request.
Validate and decode service token.
If servieToken exists and endpoint is open, authorize request.
Try to authorize using serviceAdmin.
Build auth params and check if service token exists.
Authorize organization.
Authorize using optional accessRules.

Returns: authorizationSuccessResult | authorizationErrorResult - Either returns an authorizeSuccessResult object or an authorizationErrorResult object

Param Type Description

Param	Type	Description
params	`Object`	Required -
params.authParams	`AccessRule`	Required - Object with auth parameters from the request
params.unverifiedServiceToken	`string`	Required - Unverified service token in JWT format
params.serviceTokenSignSecret	`string`	Required - The secret the unverified token should be validated with
params.request	`Object`	Required - The request object to be made availbable in authParams

params

Object

Required -

params.authParams

AccessRule

Required - Object with auth parameters from the request

params.unverifiedServiceToken

string

Required - Unverified service token in JWT format

params.serviceTokenSignSecret

string

Required - The secret the unverified token should be validated with

params.request

Object

Required - The request object to be made availbable in authParams

The result object returnd if the authorization was successful

Param Type Description

Param	Type	Description
result	`Object`	Required -
result.credentials	`Object`	Required -
result.credentials.serviceToken	`Object`	Required - Decoded service token used to authorize the request
result.artifacts	`Object`	Required -
result.artifacts.reason	`string`	Required - Why the request was authorized
result.artifacts.authenticationParameters	`Array.<Object>`	Required - The built authorization parameters used to authorize the request
result.artifacts.matchingAccessRules	`Array.<Object>`	Required - The built access rules that matched the provided token
result.artifacts.matchingServiceAdmin	`Object`	Required - If the token matched a service admin rule

result

Object

Required -

result.credentials

Object

Required -

result.credentials.serviceToken

Object

Required - Decoded service token used to authorize the request

result.artifacts

Object

Required -

result.artifacts.reason

string

Required - Why the request was authorized

result.artifacts.authenticationParameters

Array.<Object>

Required - The built authorization parameters used to authorize the request

result.artifacts.matchingAccessRules

Array.<Object>

Required - The built access rules that matched the provided token

result.artifacts.matchingServiceAdmin

Object

Required - If the token matched a service admin rule

The error object returned if the authorization failed.

Returns either Unauthoried, AccessDenied or ConfigError

Param Type Description

Param	Type	Description
result	`Object`	Required -
result.err	`ErrorsUnauthorized` \| `ErrorsAccessDenied` \| `Errors~ConfigError`	Required - The error thrown during authorization

result

Object

Required -

result.err

ErrorsUnauthorized | ErrorsAccessDenied | Errors~ConfigError

Required - The error thrown during authorization

PreviousService Authorization Lib NextErrors

Last updated 2 years ago