Closed ckittel closed 2 years ago
I was in the midst of reviewing when I got the notification 😆 LGTM 🚀
@skabou - Can you mark your open comments resolved if they are resolved? Thanks!
Thanks all. @mmacy, this is ready for your review. This is the FIRST Azure Function-based scenario, so please pay extra attention to the flow/configuration sections so that we can replicate on the .NET and Node ones that will be coming soon as well.
This one might actually be a little too minimal. Hope you don't hate me for this, but this is something I thought of on the last API I reviewed but forgot to mention:
Every API should have at least two endpoints, and possibly three:
Happy to discuss further.
@mmacy - Just a heads up that basically all of our basic/focused "protect an API" scenarios that we did so far have been this minimal (single method, scope protected). If you would like us to go back to them all and extend them to include more sub scenarios, I'd request that it gets added to the backlog so that change request doesn't get lost and the specific requirements are documented.
I've cataloged the request on our Teams channel.
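For this specific example, fundamentally the only change would be:

```python
# "scp" is a single space-separated string of delegated scopes
scopes: str = jwt.decode(
    access_token, options={"verify_signature": False, "require": ["scp"]}
)["scp"]
# TO
# "roles" is an array of app role names, so the value is a list
roles: list[str] = jwt.decode(
    access_token, options={"verify_signature": False, "require": ["roles"]}
)["roles"]
```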
Then change the "Greeting.Read" check to "GreetingReaderRole" or something. The switch from using one JWT claim to another JWT claim for authorization could be pretty easily mentioned in the tutorial, I'd imagine.
This is for #DOCS-CODE-006
Simple HTTP Trigger written in Python 3 that demonstrates how Easy Auth in Azure Functions takes on the responsibility of basic authentication and your code then is responsible for all remaining authorization.
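
The `scp`-to-`roles` switch discussed in this thread, as an added example that is not the PR's code: it authorizes on either claim and matches whole values, because `scp` is one space-separated string and a substring test would accept a longer scope name. It assumes Easy Auth has already validated the token, so the signature is not checked here; `is_authorized`, `read_claims`, `make_sample_token` and the scope `Greeting.ReadWrite` are constructed for illustration.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token; the signature segment is a placeholder."""
    header = {"typ": "JWT", "alg": "RS256"}
    return f"{_b64url(header)}.{_b64url(claims)}.constructed-signature"


def read_claims(access_token: str) -> dict:
    """Decode the JWT payload without verifying the signature.

    Assumption: the platform (Easy Auth) validated the token before this code ran.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def is_authorized(access_token: str,
                  required_scope: str = "Greeting.Read",
                  required_role: str = "GreetingReaderRole") -> bool:
    claims = read_claims(access_token)
    scp = claims.get("scp", "")
    roles = claims.get("roles", [])
    # Split the scope string so "Greeting.ReadWrite" cannot match "Greeting.Read".
    scopes = scp.split() if isinstance(scp, str) else []
    # Accept roles only as an array; a bare string would allow substring matches.
    role_list = roles if isinstance(roles, list) else []
    return required_scope in scopes or required_role in role_list


if __name__ == "__main__":
    for sample in ({"scp": "Greeting.Read User.Read"},
                   {"scp": "Greeting.ReadWrite"},
                   {"roles": ["GreetingReaderRole"]}):
        print(sample, "->", is_authorized(make_sample_token(sample)))
```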