access_token for caller identity as an HTTP header and permission(s) or role(s) as URL path params.
The end-point will validate the access token before processing the request.
Verb: GET
Http Headers:
Path: /permissions/key-1,key2
Status Code: 200
Body:
{
  "userId": "user-principal-id",
  "correlationId": "UUID",
  "timestamp": "date-time",
  "permissions": [
    {
      "key": "key-1",
      "isAuthorized": false
    },
    {
      "key": "key-2",
      "isAuthorized": true
    }
  ]
}
The end-point will validate access token before processing the request
Verb: GET
Http Headers:
Path: /roles/key-1,key2
Status Code: 200
Body:
{
  "userId": "user-principal-id",
  "correlationId": "UUID",
  "timestamp": "date-time",
  "roles": [
    {
      "key": "schedule-pickup",
      "isAuthorized": false
    },
    {
      "key": "dispatchers",
      "isAuthorized": true
    }
  ]
}
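Both end-points answer with status 200 even when an entry carries "isAuthorized": false, so a caller has to decide from the body, not from the status code. The following is an added example, not code from this project: a fail-closed Python check of that response shape, where the function names authorized_keys and require and the sample body are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the 200 response documented above.
SAMPLE = json.dumps({
    "userId": "user-principal-id",
    "correlationId": "UUID",
    "timestamp": "date-time",
    "permissions": [
        {"key": "key-1", "isAuthorized": False},
        {"key": "key-2", "isAuthorized": True},
    ],
})


def authorized_keys(body_text, requested, expected_user, field="permissions"):
    """Return the requested keys that the response explicitly grants.

    Fails closed: a malformed body, a userId mismatch, an unrequested key or
    any isAuthorized value other than the JSON boolean true counts as denied.
    Pass field="roles" for the /roles end-point.
    """
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        return set()
    if not isinstance(body, dict) or body.get("userId") != expected_user:
        return set()  # decision is for another principal, or not an object
    entries = body.get(field)
    if not isinstance(entries, list):
        return set()
    granted, denied = set(), set()
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        key = entry.get("key")
        if not isinstance(key, str) or key not in requested:
            continue
        # "true", 1 or null do not grant; only the boolean true does.
        (granted if entry.get("isAuthorized") is True else denied).add(key)
    return granted - denied  # a conflicting duplicate entry denies the key


def require(body_text, requested, expected_user, field="permissions"):
    """Raise PermissionError unless every requested key is granted."""
    requested = set(requested)
    missing = requested - authorized_keys(body_text, requested, expected_user, field)
    if missing:
        raise PermissionError("not authorized: " + ", ".join(sorted(missing)))
```
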
trgos-poc-authzdb
All networks
Data Explorer
link Roles with Partition key: key, Unique Key key, and new database: authz-data
Users and UserRolesPermissions with Partition Key: key and Unique Key key
Items under corresponding container and select Items and Upload Item
UserRolesPermissions container configure Settings -> Time to Live to value of 300 secs
Keys to copy URI
Connection String -> Read-write Keys and copy URI and PRIMARY KEY
chmod +x ./automation/*
./automation/create-functions.sh
Configure env vars for the function:
az functionapp config appsettings set --name trgos-authorization \
--resource-group authpoc-resource-group \
--settings "CosmosDbEndpointUri={replace}"
az functionapp config appsettings set --name trgos-authorization \
--resource-group authpoc-resource-group \
--settings "CosmosDbPrimaryKey={replace}"
az functionapp config appsettings set --name trgos-authorization \
--resource-group authpoc-resource-group \
--settings "CosmosDbDatabaseId=authz-data"
az functionapp config appsettings set --name trgos-authorization \
--resource-group authpoc-resource-group \
--settings "RolesContainerId=Roles"
az functionapp config appsettings set --name trgos-authorization \
--resource-group authpoc-resource-group \
--settings "UsersContainerId=Users"
az functionapp config appsettings set --name trgos-authorization \
--resource-group authpoc-resource-group \
--settings "UserRolesPermissionsContainerId=UserRolesPermissions"
chmod +x ./automation/*
./automation/create-functions.sh
correlationId
generate a 400 error?