[Question] How to use a global Authorizer

Question

[Question] How to use a global Authorizer

Closed this issue 2 years ago · 7 comments

I'm trying to create an authorizer that gets applied to multiple Queries/Commands
i.e. write one authorizer for many commands instead of one per query/command.

I was hoping to be able to write something like:

public class RequestMustHaveApiScopeAuthorizer : AbstractRequestAuthorizer<IRequest>
// or public class RequestMustHaveIdentityApiScopeAuthorizer<TResponse> : AbstractRequestAuthorizer<IRequest<TResponse>> where TResponse : class
{
    public override void BuildPolicy(IRequest request)
    {
        .   .   .
    }
}

As every query and command inherits from IRequest<T> but it doesn't work unfortunately.

Is there a better way to achieve this or would this functionality need to be added?

Answer 1 · 2022-12-25T10:54:30.000Z

@AustinDavies any update here?

Answer 2 · 2022-12-25T13:49:18.000Z

I did something similar with BaseAuthorizer, but it is required to use base class for all queries/commands.

Answer 3 · 2023-01-02T19:29:45.000Z

@GFoley83 I will start working on this. I should have some progress here soon. Will keep you posted

Answer 4 · 2023-01-02T23:43:31.000Z

@GFoley83 Please verify with 11.1.1. You can check-out the examples in the src code to see an example of a global authorizer. Hope this helps!

Here is an example:

    public class GlobalAuthorizer<TRequest> : AbstractRequestAuthorizer<TRequest>
    {
        public override void BuildPolicy(TRequest request) 
            => UseRequirement(new MustBeAuthenticatedRequirement());
    }

Answer 5 · 2023-03-15T01:36:19.000Z

This feature has been added. Closing issue due to age.

Answer 6 · 2023-08-02T13:12:23.000Z

Hello @AustinDavies

I would be grateful if you could answer my concerns.

Could you explain to me what the purpose of the GlobalAuthorizer idea is?

also, I don't see in the GlobalAuthorizer how you are using it, I mean there is a command but there is no Authorizer linked to it, so the GlobalAuthorizer will be triggered for this command?

I have a scenario I need to implement here, I need to make XAuthorizer for command or query, what I need is once this XAuhorizer is inherited from YAuthorizer like the GlobalAuthorizer, so he will consider the requirements that exist first in the YAuthorizer then the XAuthorizer. does the GlobalAuthorizer meet this need? if not how to implement it?

for .net 6

thanks for your efforts 🌸

Answer 7 · 2023-08-04T01:12:27.000Z

I can't quite conceptualize your use-case based on your general description provided, however, as you state it, to me this sounds a bit like a design question of your application. I think you might want to consider extracting the authorization logic you are trying to perform into an AuthorizationRequirement. I guess, I am looking at this as you may be trying to force inheritance where not applicable. In any case, I just need a bit more of a concrete example to better assist you.