pjebs / restgate

Secure Authentication for REST API endpoints.
MIT License

Question: Get extra information from auth process against a DB #7

Closed juan88 closed 4 years ago

juan88 commented 4 years ago

Hello!

I have the following scenario. We have set key/secret keypairs for users. Each user in turn can manage N clients through a pivot table (user_id, client_id). I have restgate integrated with the Gin framework and I can authenticate requests made by certain users who have their corresponding key/secret.

Now I would like to enforce that the key/secret of the user that is received matches against a specific client_id parameter (i.e., the keypair is set to a user, that user in turn can manage that specific client). The only way of doing so now is adding extra code that performs the corresponding SQL query that checks the permissions. Is there a better way of doing so, maybe hooking up to restgate in some way or to take advantage of the query that is performed in order to check the validity of the keypair provided?

Thank you!

pjebs commented 4 years ago

Your use case is hard to generalise to other people. You will have to create a fork and modify it.

juan88 commented 4 years ago

Thanks for the reply and I totally agree with what you say. Anyway, do you think it is a good approach to controlling access to your API resources?

pjebs commented 4 years ago

No. That's what OAuth is for.

pjebs commented 4 years ago

This package is for simple scenarios.

juan88 commented 4 years ago

OK! Thanks for the answer! :)
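The "extra code" described in the question, sketched as an added example that is not part of the thread or of restgate: a plain `net/http` middleware that first authenticates the key/secret pair, then checks the requested `client_id` against the (user_id, client_id) pivot, returning 401 for a bad keypair and 403 for a valid user asking for a client they do not manage. The header names, the `client_id` query parameter, the in-memory maps standing in for the two database tables, and all sample values are assumptions made for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed sample data standing in for the key table and the (user_id, client_id) pivot table.
type cred struct{ secret string; userID int }
var creds = map[string]cred{"key-alice": {"s3cret-a", 1}, "key-bob": {"s3cret-b", 2}}
var userClients = map[int]map[string]bool{1: {"10": true, "11": true}, 2: {"20": true}}

// authorize returns 401 if the keypair is invalid, 403 if the user may not manage clientID, else 200.
func authorize(key, secret, clientID string) int {
	c, ok := creds[key]
	if !ok || subtle.ConstantTimeCompare([]byte(c.secret), []byte(secret)) != 1 {
		return http.StatusUnauthorized
	}
	if !userClients[c.userID][clientID] { // missing user or empty client_id also fails closed
		return http.StatusForbidden
	}
	return http.StatusOK
}

// clientGate enforces authorize on every request (header and parameter names are assumptions).
func clientGate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		code := authorize(r.Header.Get("X-Auth-Key"), r.Header.Get("X-Auth-Secret"), r.URL.Query().Get("client_id"))
		if code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed request through the gate and returns the response code.
func status(key, secret, clientID string) int {
	req := httptest.NewRequest("GET", "/orders?client_id="+clientID, nil)
	req.Header.Set("X-Auth-Key", key)
	req.Header.Set("X-Auth-Secret", secret)
	rr := httptest.NewRecorder()
	clientGate(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rr, req)
	return rr.Code
}

func main() { fmt.Println(status("key-alice", "s3cret-a", "10"), status("key-alice", "s3cret-a", "20")) }
```

With a real database, the two map lookups collapse into a single query joining the key table to the pivot table, so the permission check costs no extra round trip.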