doc: add example for authorization checks based on introspection resp…
…onse
sprudel committed Aug 26, 2024
1 parent c16b470 commit 664fc32
Showing 1 changed file with 28 additions and 0 deletions.
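--- a/src/oidc/introspection/mod.rs
+++ b/src/oidc/introspection/mod.rs
@@ -36,6 +36,34 @@ custom_error! {
 /// `resource_owner_` are set.
 /// - When scope contains `urn:zitadel:iam:user:metadata`, the metadata hashmap will be
 /// filled with the user metadata.
+///
+/// It can be used as a basis for further customized authorization checks, for example:
+/// ```
+/// use zitadel::axum::introspection::IntrospectedUser;
+/// use zitadel::oidc::introspection::ZitadelIntrospectionExtraTokenFields;
+///
+/// enum Role {
+/// Admin,
+/// Client
+/// }
+///
+/// trait MyAuthorizationChecks {
+/// fn has_role(&self, role: Role, org_id: &str) -> bool;
+/// }
+///
+/// impl MyAuthorizationChecks for ZitadelIntrospectionExtraTokenFields {
+/// fn has_role(&self, role: Role, org_id: &str) -> bool {
+/// let role = match role {
+/// Role::Admin => "Admin",
+/// Role::Client => "Client",
+/// };
+/// self.project_roles.as_ref()
+/// .and_then(|roles| roles.get(role))
+/// .map(|org_ids| org_ids.contains_key(org_id))
+/// .unwrap_or(false)
+/// }
+/// }
+/// ```
 #[derive(Clone, Debug, Serialize, Deserialize, Default)]
 pub struct ZitadelIntrospectionExtraTokenFields {
 pub name: Option<String>,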
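Review bot: The doctest imports `zitadel::axum::introspection::IntrospectedUser` but never uses it, which ties an example in the `oidc` module to the `axum` module; if that module is feature-gated (not visible here), the doctest would fail to compile without the feature, so drop the `use` line or show the call site that needs it. Because the example is offered as a basis for authorization, the doc should also say that `has_role` denies when `project_roles` is absent (the `unwrap_or(false)` path) and that it only inspects claims, so callers must apply it to the response of a token that was reported active. A comment I would add above `.unwrap_or(false)`: `/// // fail closed: no roles claim, unknown role, or a different org => false`. The strings `"Admin"` and `"Client"` must match the role keys configured for the project exactly, and a mismatch denies silently, which is worth one sentence in the prose. The doc comment starts above the hunk and the struct body continues below it.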
