Hey together,
I’m currently learning Go with Gin and trying to set up Auth0 for authentication and authorization; the first part is working fine so far.
Now I’m trying to implement authorization based on rules using this tutorial: https://auth0.com/docs/quickstart/backend/golang/01-authorization
So far so good. As I’m using Gin, I wanted to put HasScope into its own middleware so I can call it in addition.
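```go
import (
	"strings"

	"github.com/gin-gonic/gin"
)

// HasScope checks whether our claims have a specific scope.
func (c CustomClaims) HasScope(expectedScope string) gin.HandlerFunc {
	return func(context *gin.Context) {
		// The scope claim is a space-delimited list; compare whole tokens.
		result := strings.Split(c.Scope, " ")
		for i := range result {
			if result[i] == expectedScope {
				context.Next()
				// Return here, otherwise the 403 below also runs
				// after the downstream handlers have finished.
				return
			}
		}
		context.AbortWithStatus(403)
	}
}
```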
This is what I came up with so far, trying to extract it.
Problem is that I probably shouldn’t be attaching that function to a CustomClaim, as I would need one for calling it afterwards, right?
But somehow I’m stuck and can’t get further at the moment. Does anyone have an idea on how to proceed with it?
I unfortunately don’t have any experience with Gin. Assuming you’re passing an audience in the original authorize request, you shouldn’t need to extract anything. The middleware should just be used to check for specific claims once you’ve successfully validated the access token.
Hey tyf,
thanks for the request. I think I found the solution; I was just too stupid to understand the code and how it should be used correctly, I guess. I will validate that and put my findings here later as well.
It’s more or less about the permissions you can set when configuring the API.
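
Added example, not part of the thread and not Auth0's or Gin's own code: the pattern the reply describes, with the scope check written as a middleware factory that reads already-validated claims from the request context, so no claims value is needed when the route is registered. It uses net/http so it runs without dependencies; `claimsKey`, `RequireScope` and `statusFor` are hypothetical names, the 401 branch is an addition, and the sample scopes are constructed.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// CustomClaims stands in for the claims type from the post; Scope is space-delimited.
type CustomClaims struct{ Scope string }
type claimsKey struct{} // hypothetical context key set by the token validation step

// HasScope reports whether expected is one of the whole scope tokens.
func (c CustomClaims) HasScope(expected string) bool {
	for _, s := range strings.Fields(c.Scope) {
		if s == expected {
			return true
		}
	}
	return false
}

// RequireScope builds the middleware; claims are looked up per request, not at setup.
func RequireScope(scope string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		claims, ok := r.Context().Value(claimsKey{}).(CustomClaims)
		if !ok { // request never passed token validation
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if !claims.HasScope(scope) {
			http.Error(w, "insufficient scope", http.StatusForbidden)
			return // stop here so the protected handler never runs
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request with ctx through RequireScope.
func statusFor(ctx context.Context, scope string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx)
	rec := httptest.NewRecorder()
	RequireScope(scope, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(statusFor(context.Background(), "read:messages")) } // no claims: 401
```

In Gin the same shape is a function returning `gin.HandlerFunc` that fetches the validated claims from the request context and calls `AbortWithStatus` instead of `http.Error`.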