pjebs/restgate

Question: Get extra information from auth process against a DB

Closed this issue · 5 comments

Hello!

I have the following scenario. We have set key/secret keypairs for users. Each user in turn can manage N clients through a pivot table (user_id, client_id). I have restgate integrated with the Gin framework and I can authenticate requests made by certain users who have their corresponding key/secret.

Now I would like to enforce that the key/secret of the user that is received matches against a specific client_id parameter (i.e., the keypair is set to a user, that user in turn can manage that specific client). The only way of doing so now is adding extra code that performs the corresponding SQL query that checks the permissions. Is there a better way of doing so, maybe hooking up to restgate in some way or to take advantage of the query that is performed in order to check the validity of the keypair provided?

Thank you!

pjebs commented

Your use case is hard to generalise to other people. You will have to create a fork and modify it.

Thanks for the reply and I totally agree with what you say. Anyway, do you think it is a good approach to controlling access to your API resources?

pjebs commented

No. That's what OAuth is for.

pjebs commented

This package is for simple scenarios.

OK! Thanks for the answer! :)
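
An added example, not part of the thread and not restgate's own code: the "extra code" check from the question, written as a separate authorization step that runs after the key/secret check has passed. The `X-Auth-Key` header name, reading `client_id` from the query string, the table names in the comment and all function names are assumptions; the map is constructed sample data standing in for the pivot-table query.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// CanManage reports whether the user owning apiKey may manage clientID.
// With a database: SELECT 1 FROM api_keys k JOIN user_clients uc ON uc.user_id =
// k.user_id WHERE k.api_key = ? AND uc.client_id = ? (assumed table names).
type CanManage func(apiKey, clientID string) (bool, error)

// fromMap is a constructed in-memory stand-in for that query.
func fromMap(m map[string]map[string]bool) CanManage {
	return func(k, c string) (bool, error) { return m[k][c], nil }
}

// RequireClient runs after key/secret authentication has already succeeded.
// It fails closed: a missing key, missing client_id or lookup error denies.
func RequireClient(can CanManage, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key := r.Header.Get("X-Auth-Key") // assumed header name
		clientID := r.URL.Query().Get("client_id")
		ok := false
		if key != "" && clientID != "" {
			allowed, err := can(key, clientID)
			ok = err == nil && allowed
		}
		if !ok {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Check sends one request through the middleware and returns the status code.
func Check(can CanManage, key, clientID string) int {
	h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {})
	req := httptest.NewRequest("GET", "/orders?client_id="+clientID, nil)
	req.Header.Set("X-Auth-Key", key)
	rec := httptest.NewRecorder()
	RequireClient(can, h).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	can := fromMap(map[string]map[string]bool{"key-alice": {"42": true}}) // constructed
	fmt.Println(Check(can, "key-alice", "42"), Check(can, "key-alice", "43")) // 200 403
}
```

`RequireClient` wraps any `http.Handler`, so it can sit behind whichever layer validates the key/secret pair.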