Support different formats of scopes
Closed this issue · 12 comments
Is your feature request related to a problem? Please describe.
Hydra splits checking of scopes on `.`. It makes the assumption that scopes are dot separated. We have a use case where the scope needs to contain a `:`. An example of the scope is `payments:xyz`. I would like to create a client that has all scopes under `payments`. If it were dot separated I can create a client with scopes `payments.*`. I cannot do that with the `:`. I cannot create a client which has an allowed scope `payments:*`.
Describe the solution you'd like
I would like the ability to create a client with scopes separated by `:`. It would be good to be able to set a regular expression based scope strategy.
Sorry for the late reply. Generally that's a possibility - one thing to keep in mind with `:` is that they are special characters in URLs and have to be encoded properly. Is there a specific reason why you want that delimiter instead of the more common `.` notation?
No worries.
If it were up to me I wouldn’t want to have `:`. But we are supporting PSD2, Berlin Group standard and they have a requirement of using scopes separated by `:`.
We also have (legacy) scope identifiers with `:` and would like to grant a scope like `service:*` to clients. Regular expression may not be needed, it would be enough to have a configuration for the list of separator characters. Character `.` could still be the default.
We're open to accepting a PR. This should be done both in fosite (as a scope strategy) and hydra (as a configuration value). If you are looking to do a PR please discuss the changes beforehand as it will save some time :)
Looks like a nice task to start with Go :)
The fix would just be to add the delimiter as a parameter to the wildcard strategy?
Probably also for the hierarchical strategy? Or is that one deprecated and will be removed?
yep exactly! I think we can add it to wildcard and hierarchical!
@tacurran is this a feature that would make sense implementing?
Are you still open for contributing on this @elchtestAtBosch or @elch78 ?
Sorry, I don't have time at the moment.
Closing due to lack of public interest.
Hey, @aeneasr would you mind reopening this?
There are other situations where the scope does not have "." as the delimiter.
We're dealing with a situation where scopes are using wildcards with "/" as a delimiter. Eg: "user/.rs", "practitioner/Patient."
I could help look into it. Would this involve changes in Fosite? - https://github.com/ory/fosite/blob/master/scope_strategy.go#L69
@sidharthramesh agree, that would be great. we have permissions with `:` and it's a pain converting them back and forth
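
The delimiter-as-parameter idea discussed in this thread, as an added Go sketch that is not fosite's or Hydra's code. `NewWildcardStrategy` and `matchSegments` are hypothetical names, and the matching rules (`*` matches one non-empty segment, a trailing `*` also covers deeper segments, the delimiter is non-empty) are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// NewWildcardStrategy is a hypothetical helper (not fosite's API): it returns a
// matcher that splits scopes on delim instead of a hard-coded ".".
func NewWildcardStrategy(delim string) func(granted []string, requested string) bool {
	return func(granted []string, requested string) bool {
		want := strings.Split(requested, delim)
		for _, g := range granted {
			if matchSegments(strings.Split(g, delim), want) {
				return true
			}
		}
		return false
	}
}

// matchSegments compares a granted pattern with a requested scope segment by
// segment. "*" stands for one segment; a trailing "*" also covers deeper ones.
func matchSegments(pattern, scope []string) bool {
	if len(pattern) > len(scope) {
		return false // "payments:*" must not grant the bare parent "payments"
	}
	for _, s := range scope {
		if s == "" {
			return false // reject malformed requests such as "payments:"
		}
	}
	for i, p := range pattern {
		if i == len(pattern)-1 && len(pattern) != len(scope) && p != "*" {
			return false // shorter pattern that does not end in a wildcard
		}
		if p != "*" && p != scope[i] {
			return false
		}
	}
	return true
}

func main() {
	colon := NewWildcardStrategy(":")
	// Constructed sample scopes, checked against the grant "payments:*".
	for _, s := range []string{"payments:xyz", "payments", "payments:", "payments.xyz"} {
		fmt.Printf("%-13s -> %v\n", s, colon([]string{"payments:*"}, s))
	}
}
```

Because the delimiter decides where segment boundaries fall, a grant written for one delimiter does not match scopes written with another: `payments.*` under the `.` strategy does not cover `payments:xyz`.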