Question: Get extra information from auth process against a DB
Closed this issue · 5 comments
Hello!
I have the following scenario. We have set key/secret keypairs for users. Each user in turn can manage N clients through a pivot table (user_id, client_id). I have restgate integrated with the Gin framework and I can authenticate requests made by certain users who have their corresponding key/secret.
Now I would like to enforce that the key/secret of the user that is received matches against a specific client_id parameter (ie, the keypair is set to a user, that user in turn can manage that specifi client). The only way of doing so now is adding extra code that performs the corresponding SQL query that checks the permissions. Is there a better way of doing so, maybe hooking up to restgate in some way or to take advantage of the query that is performed in order to check the validity of the keypair provided?
Thank you!
Your use case is hard to generalise to other people. You will have to create a fork and modify it.
Thanks for the reply and I totally agree with what you say. Anyway, do you think it is a good approach to controlling access to your API resources?
No. That's what oauth is for.
This package is for simple scenario
OK! Thanks for the answer! :)