Dynamic Scopes #3983
CodeFromAnywhere
started this conversation in
Enhancements
Replies: 0 comments
After trying to architect a good way for doing RAR with OAuth2, I stumbled upon the question on how to implement fine-grained access control. How to do this right? My intuition was to add `{variableName}` in the scope to make it more fine-grained, and document it clearly.

I found these materials that confirmed my strategy:
All in all, it seems that it's possible to create scopes with dynamic parts. Maybe disliked by some developers and authorities (such as Vittorio Bertocci) but definitely possible - and implemented by some people - and not incompatible with OAuth2.
As an example, I will implement my database management and use API like this:
To make things clearer, I'll add `x-scope-parameters` to my OpenAPI specification, as such:

Just sharing my research and ADR here. Maybe it helps, and curious to hear others' takes on this!
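One way a resource server could check scopes that carry a `{variableName}` part, as an added example that is not code from the original post or from any project it refers to. The template `db:{databaseId}:read`, the function names, and the allowed character set for values are assumptions made for illustration.

```python
import re

# Characters allowed in a dynamic value (assumption). Excluding space and ':'
# means a value can never split into a second scope token or a second segment.
PARAM_VALUE = r"[A-Za-z0-9_-]{1,64}"
_PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


def compile_template(template: str) -> re.Pattern:
    """Turn 'db:{databaseId}:read' into a regex with one named group per part."""
    parts, pos = [], 0
    for m in _PLACEHOLDER.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))   # literal text
        parts.append(f"(?P<{m.group(1)}>{PARAM_VALUE})")    # dynamic part
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))


def match_scope(template: str, scope: str):
    """Return the extracted parameters, or None if the scope does not fit."""
    m = compile_template(template).fullmatch(scope)
    return m.groupdict() if m else None


def is_authorized(granted: str, template: str, required: dict) -> bool:
    """True only if one granted scope token matches the template with exactly
    the parameter values the request needs (no prefix or wildcard matching)."""
    for token in granted.split(" "):   # RFC 6749 section 3.3: space-delimited
        if match_scope(template, token) == required:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values, hypothetical scope template.
    tmpl = "db:{databaseId}:read"
    print(match_scope(tmpl, "db:orders:read"))
    print(is_authorized("profile db:orders:read", tmpl, {"databaseId": "orders"}))
    print(is_authorized("db:orders:read", tmpl, {"databaseId": "billing"}))
    print(is_authorized("db:*:read", tmpl, {"databaseId": "billing"}))
```
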