anz-bank / sysl-go

Communication library used by SYSL-generated code written in Go.
Apache License 2.0

Security Token Validation - OAuth2 #172

Open mohanar2 opened 4 years ago

mohanar2 commented 4 years ago

Currently sysl-go doesn't have the ability to validate the security token and perform any scope checks for an endpoint.

orlade-anz commented 4 years ago

@mohanar2 Can you provide some more context on this? Is it blocking some particular piece of work?

mohanar2 commented 4 years ago

This isn't blocking any of our current work. This is an enhancement that we need for validating JWT. @andrewemeryanz is aware of this change that we have requested.

The idea is to define a JWT Scope for every endpoint we define in .sysl, and let sysl build the capability to validate the token and check if the scope is present in the JWT every time someone calls the endpoint.

Since all the boiler-plate code is being auto generated, we feel this ability to validate the token can be bundled along.

andrewemeryanz commented 4 years ago

The proposal is to perform validation of a JWT scope using the jwtauth library.
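A sketch of the per-endpoint scope check requested in this issue, added here as an example; it is not code from sysl-go or from the jwtauth library. It uses only the Go standard library with HS256, and the names `endpointScopes` and `Authorize`, the endpoint, the scope and the key are all assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// endpointScopes is constructed; it stands in for scopes declared per endpoint in a .sysl spec.
var endpointScopes = map[string]string{"GET /accounts": "accounts:read"}
var b64 = base64.RawURLEncoding

func sign(msg string, key []byte) string { // base64url(HMAC-SHA256(msg))
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}
func part(seg string, v interface{}) bool { // decode one base64url JSON segment
	b, err := b64.DecodeString(seg)
	return err == nil && json.Unmarshal(b, v) == nil
}

// Authorize returns nil only for a valid, unexpired HS256 token carrying the endpoint's scope.
func Authorize(token, endpoint string, key []byte, now int64) error {
	need, ok := endpointScopes[endpoint]
	p := strings.Split(token, ".")
	if !ok || len(p) != 3 {
		return fmt.Errorf("undeclared endpoint or malformed token") // fail closed
	}
	var h, c struct{ Alg, Scope string; Exp int64 }
	if !part(p[0], &h) || h.Alg != "HS256" || !hmac.Equal([]byte(p[2]), []byte(sign(p[0]+"."+p[1], key))) {
		return fmt.Errorf("bad algorithm or signature") // pinned alg also rejects "none"
	}
	if !part(p[1], &c) || now >= c.Exp {
		return fmt.Errorf("invalid or expired claims")
	}
	if !strings.Contains(" "+c.Scope+" ", " "+need+" ") { // whole scope values only
		return fmt.Errorf("token lacks scope %q", need)
	}
	return nil
}

func main() { // constructed key and token, for demonstration only
	key := []byte("constructed-demo-key")
	body := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(`{"scope":"accounts:read","exp":200}`))
	fmt.Println(Authorize(body+"."+sign(body, key), "GET /accounts", key, 100))
}
```

The scope claim is matched as a whole value in a space-delimited list, so a token holding only `accounts:readwrite` does not satisfy an endpoint that requires `accounts:read`.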