Naviga ID
Docs HomeInfomakerNaviga
Search…
Introduction
Release notes
Architecture
Authorization schema
Integrations
Customer Integration
Service Integration
Services
Admin API
IMSG
Shared modules
Http Test Server
Service Authorization Lib
Authorize
Errors
ExpressMiddleware
TokenUtils
Hapi plugin
ServiceAuthorizationError
AccessDenied
Unauthorized
ConfigError
Client Credentials
Managing Applications
Internal Naviga ID Docs
Access Token
Fetching and using Access Tokens
Validate Access Tokens
Local development
Local HTTPS support
Post Mortem
Broken backwards compatibility in access token service for client credentials, 20th Dec 2021
Powered By GitBook
Authorize

Authorize{#Authorize}

authorize(params) {#authorize}⇒ authorizationSuccessResult | authorizationErrorResult

Main authorization function
Consists of the following steps:
  1. 1.
    If token is missing and endpoint is open, authorize request.
  2. 2.
    Validate and decode service token.
  3. 3.
    If servieToken exists and endpoint is open, authorize request.
  4. 4.
    Try to authorize using serviceAdmin.
  5. 5.
    Build auth params and check if service token exists.
  6. 6.
    Authorize organization.
  7. 7.
    Authorize using optional accessRules.
Returns: authorizationSuccessResult | authorizationErrorResult - Either returns an authorizeSuccessResult object or an authorizationErrorResult object
Param
Type
Description
params
Object
Required -
params.authParams
AccessRule
Required - Object with auth parameters from the request
params.unverifiedServiceToken
string
Required - Unverified service token in JWT format
params.serviceTokenSignSecret
string
Required - The secret the unverified token should be validated with
params.request
Object
Required - The request object to be made availbable in authParams
The result object returnd if the authorization was successful
Param
Type
Description
result
Object
Required -
result.credentials
Object
Required -
result.credentials.serviceToken
Object
Required - Decoded service token used to authorize the request
result.artifacts
Object
Required -
result.artifacts.reason
string
Required - Why the request was authorized
result.artifacts.authenticationParameters
Array.<Object>
Required - The built authorization parameters used to authorize the request
result.artifacts.matchingAccessRules
Array.<Object>
Required - The built access rules that matched the provided token
result.artifacts.matchingServiceAdmin
Object
Required - If the token matched a service admin rule
The error object returned if the authorization failed.
Returns either Unauthoried, AccessDenied or ConfigError
Param
Type
Description
result
Object
Required -
result.err
ErrorsUnauthorized | ErrorsAccessDenied | Errors~ConfigError
Required - The error thrown during authorization
Shared modules - Previous
Service Authorization Lib
Next
Errors
Last modified 6mo ago
Export as PDF
Copy link
Contents
Authorize{#Authorize}
authorize(params) {#authorize}⇒ authorizationSuccessResult | authorizationErrorResult