feat: Fetch project roles from introspection

smartive / zitadel-rust

An implementation of the ZITADEL gRPC API in Rust. Complemented with other useful elements such as ServiceAccount auth.

https://docs.rs/zitadel/latest/zitadel/

Other

46 stars 17 forks source link

feat: Fetch project roles from introspection #550

Closed aDogCalledSpot closed 6 months ago

aDogCalledSpot commented 6 months ago

Allows fetching the project roles from the returned JWT token when using the introspection endpoint.

Is generic over a type for the roles so that users can do something like:

#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Hash, Clone, Copy)]
#[serde(rename_all = "kebab-case")]
enum MyRole  {
    Admin,
    User,
}

fn my_endpoint(user: Introspected<MyRole>) -> Result<impl IntoResponse> {
    if !user.project_roles.get(MyRole::Admin).is_some_and(|r| r.contains(ORG_ID)) {
         return StatusCode::FORBIDDEN;
    }
}

buehler commented 6 months ago

Thanks for the addition! :-)

One question though: why do you think the key of the roles map are something else than strings? This adds a lot of complexity with traits to the code.

Wouldn't it be simpler if you just used "String"?

aDogCalledSpot commented 6 months ago

Roles are perfect for being displayed as enums and how I would assume that most people are going to implement the roles in their backends. Adding a few trait bounds here leads to a lot of boilerplate being removed where the strings are constantly converted from and to an enum instance on which all the logic is based.

I added String as the default type, so if no handling in particular is specified then you can always fall back to using String. This also means that this change is backwards compatible.

github-actions[bot] commented 6 months ago

:tada: This PR is included in version 4.3.0 :tada:

The release is available on:

v4.3.0
GitHub release

Your semantic-release bot :package::rocket: