Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Fetch project roles from introspection #550

Merged
merged 1 commit into from
Apr 18, 2024

Conversation

aDogCalledSpot
Copy link
Contributor

@aDogCalledSpot aDogCalledSpot commented Apr 17, 2024

Allows fetching the project roles from the returned JWT token when using the introspection endpoint.

Is generic over a type for the roles so that users can do something like:

#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Hash, Clone, Copy)]
#[serde(rename_all = "kebab-case")]
enum MyRole  {
    Admin,
    User,
}

fn my_endpoint(user: Introspected<MyRole>) -> Result<impl IntoResponse> {
    if !user.project_roles.get(MyRole::Admin).is_some_and(|r| r.contains(ORG_ID)) {
         return StatusCode::FORBIDDEN;
    }
}

@buehler
Copy link
Collaborator

buehler commented Apr 18, 2024

Thanks for the addition! :-)

One question though: why do you think the key of the roles map are something else than strings? This adds a lot of complexity with traits to the code.

Wouldn't it be simpler if you just used "String"?

@aDogCalledSpot
Copy link
Contributor Author

Roles are perfect for being displayed as enums and how I would assume that most people are going to implement the roles in their backends. Adding a few trait bounds here leads to a lot of boilerplate being removed where the strings are constantly converted from and to an enum instance on which all the logic is based.

I added String as the default type, so if no handling in particular is specified then you can always fall back to using String. This also means that this change is backwards compatible.

@buehler buehler merged commit 5ad8613 into smartive:main Apr 18, 2024
1 check passed
@aDogCalledSpot aDogCalledSpot deleted the roles_from_introspection branch April 18, 2024 11:49
Copy link

🎉 This PR is included in version 4.3.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

sprudel added a commit to sprudel/zitadel-rust that referenced this pull request Aug 25, 2024
…ble with caches

Using a role generic was incompatible with the type erasure
of the introspection cache.
Judging from the discussion in smartive#550
the original intention was to introduce a convenience feature, for library users.
However, the same behaviour can be easily achieved by a simple extention trait,
and does not need to be support by this crate itself to achieve the same convenience.
As a result, the generic role type parameter is removed.
sprudel added a commit to sprudel/zitadel-rust that referenced this pull request Aug 26, 2024
…ble with caches

Using a role generic was incompatible with the type erasure
of the introspection cache.
Judging from the discussion in smartive#550
the original intention was to introduce a convenience feature, for library users.
However, the same behaviour can be easily achieved by a simple extention trait,
and does not need to be support by this crate itself to achieve the same convenience.
As a result, the generic role type parameter is removed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

Successfully merging this pull request may close these issues.

2 participants