Open lukedirtwalker opened 1 year ago
Digging deeper I realized that we can't really determine the data type in this case, and we would just fail to parse the ACL. Not sure what's the best solution to this. It would be great if there would be some way to "rewrite" properties in the token before doing the ACLing. But not sure how this would be plugged in the nicest way.
I would like to be able to map auth0 roles to caddy-security roles.
Currently there is no way to do ACL authorization on custom fields. E.g. on Auth0 it is not allowed to specify the roles field in a token so we put it in https://example.org/roles, but the ACL will not see this field. This is because there is a distinction in the User type. The fields in tkv are accessible in the ACL but fields in the mkv map are not. (Authorization uses this https://github.com/greenpau/go-authcrunch/blob/eb8b39e4299a51fe2cc8f775455cd87a270ae7f9/pkg/user/user.go#L194 method). Is there a specific reason to have this distinction? Couldn't we just expose the whole mkv for the authorization? I would be happy to write a patch, but I'm not sure how to best solve this.

Thanks a lot for your feedback.
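One way the "rewrite before ACL" step discussed in this thread could look, as an added example that is not part of the original issue and not go-authcrunch code. The function names, the generic claims map and the sample role names are assumptions; the sketch rejects claim values whose type it cannot determine and drops any value the operator has not mapped.

```go
package main

import (
	"fmt"
	"strings"
)

// rolesFromClaim accepts only the claim shapes below; other types are errors.
func rolesFromClaim(v interface{}) ([]string, error) {
	switch t := v.(type) {
	case string: // "admin editor" or "admin,editor"
		return strings.FieldsFunc(t, func(r rune) bool { return r == ' ' || r == ',' }), nil
	case []interface{}: // what encoding/json yields for a JSON array
		out := make([]string, 0, len(t))
		for _, e := range t {
			s, ok := e.(string)
			if !ok || s == "" {
				return nil, fmt.Errorf("non-string or empty role entry: %v", e)
			}
			out = append(out, s)
		}
		return out, nil
	}
	return nil, fmt.Errorf("unsupported claim type %T", v)
}

// mapCustomRoles (hypothetical helper) translates the claim at srcKey through
// roleMap. Unmapped values are dropped, so the IdP cannot introduce local roles.
func mapCustomRoles(claims map[string]interface{}, srcKey string, roleMap map[string]string) ([]string, error) {
	raw, ok := claims[srcKey]
	if !ok {
		return nil, nil // claim absent: no roles, not an error
	}
	vals, err := rolesFromClaim(raw)
	if err != nil {
		return nil, fmt.Errorf("claim %q: %w", srcKey, err)
	}
	var roles []string
	for _, v := range vals {
		if r, ok := roleMap[v]; ok {
			roles = append(roles, r)
		}
	}
	return roles, nil
}

func main() {
	claims := map[string]interface{}{"https://example.org/roles": []interface{}{"Admin", "Guest"}} // constructed sample
	fmt.Println(mapCustomRoles(claims, "https://example.org/roles", map[string]string{"Admin": "local-admin"}))
}
```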