nest-keycloak-connect

Different endpoints for different scopes

Open Syntarex opened this issue 3 years ago • 2 comments

What I want to achieve is a controller with 2 endpoints. The controller is annotated with @Resource. The endpoints are annotated with @Scope. Both endpoints have the same URL. If access to the first endpoint is granted, the endpoint returns data. If the access to the first endpoint is denied, the second endpoint checks for access.

Example:

@Controller("entity")
@Resource("entity")
export class EntityController {
    // Constructor stuff

    @Get()
    @Scope("read.all")
    public async getAll() {
        return await this.service.getAll();
    }

    @Get()
    @Scope("read")
    public async getMine() {
        return await this.service.getMine();
    }
}

The background is that a user should only be able to fetch entities that he owns. An admin should be able to fetch all.

How can I achieve this? :)

Syntarex, Mar 01 '22 16:03

It would be even cooler if I could check for scopes by myself. Like inside of an endpoint.

Syntarex, Mar 01 '22 16:03

Scopes are defined at the endpoints sadly. This can be implemented but I am not sure when.

I plan something along the lines of:

  @Get()
  @ConditionalScope((user, roles) => roles.includes("admin") ? ["read.all"] : ["read"])
  public async getMine(@CurrentScope() scope: string) {
    if (scope === "read.all") return await this.service.getAll();
    else if (scope === "read") return await this.service.getMine();
    else throw new UnauthorizedException();
  }

ferrerojosh, Mar 10 '22 19:03
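
The single-endpoint idea discussed in this thread, as an added example that is not code from nest-keycloak-connect or from either poster: one handler body resolves the broadest granted scope on the `entity` resource and fails closed otherwise. It assumes the handler is given already-verified token claims carrying Keycloak's `authorization.permissions` list (as in an RPT); `resolveReadScope`, `listEntities` and the sample data are hypothetical names and constructed values.

```typescript
// Added example; all function names and sample data are hypothetical.
type ReadScope = "read.all" | "read";

interface Permission { rsname?: string; scopes?: string[] }
interface TokenClaims {
  sub: string; // subject of the verified token
  authorization?: { permissions?: Permission[] };
}
interface Entity { id: number; ownerId: string }

// Broadest scope first, so a caller holding both resolves to "read.all".
const PRECEDENCE: ReadScope[] = ["read.all", "read"];

// Returns the broadest read scope granted on `resource`, or null (deny).
function resolveReadScope(claims: TokenClaims, resource: string): ReadScope | null {
  const granted = new Set<string>();
  for (const p of claims.authorization?.permissions ?? []) {
    if (p.rsname !== resource) continue; // scopes on other resources do not count
    for (const s of p.scopes ?? []) granted.add(s);
  }
  return PRECEDENCE.find((s) => granted.has(s)) ?? null;
}

// One URL, one handler body: the result depends on the resolved scope.
function listEntities(claims: TokenClaims, all: Entity[]): Entity[] {
  switch (resolveReadScope(claims, "entity")) {
    case "read.all":
      return all;
    case "read":
      // Ownership is taken from the token subject, never from request input.
      return all.filter((e) => e.ownerId === claims.sub);
    default:
      throw new Error("Forbidden"); // fail closed; map to an HTTP error in the framework
  }
}

// Constructed sample data.
const ENTITIES: Entity[] = [
  { id: 1, ownerId: "alice" },
  { id: 2, ownerId: "bob" },
  { id: 3, ownerId: "alice" },
];
const grant = (sub: string, rsname: string, scopes: string[]): TokenClaims =>
  ({ sub, authorization: { permissions: [{ rsname, scopes }] } });
const admin = grant("root", "entity", ["read", "read.all"]);
const alice = grant("alice", "entity", ["read"]);
const stranger = grant("eve", "other", ["read.all"]); // scope on a different resource
```

In a Nest controller the same two functions would be called from a single `@Get()` method, with the claims supplied by whatever mechanism the application uses to expose the authenticated user.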