
feat: add ResourceAccessScopeStrategy

Open zoop-btc opened this issue 1 year ago • 2 comments

Related to this hydra issue.

This scope strategy splits a scope into resources delimited with `:`. Each resource can have dynamic values if it has the suffix `-*`. The last resource can specify a verb delimited with `.`.

The hierarchy of the matcher and scope resources needs to be identical.

Examples:

  • users.* matches users.read
  • users.write does not match users.read
  • users:settings matches users:settings
  • users:settings does not match users:settings.read
  • users:client-*.read does match users:client-bar.read
  • users:client-* does not match users:client-bar.read
  • users:client-*.* does match users:client-foo.write

Open questions: Should I make the resource/verb delimiter configurable? What about allowing dynamic resources?

zoop-btc avatar Mar 29 '24 13:03 zoop-btc
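The matching rules listed in the post above, written out as an added Go example; it is not the code from the pull request or from fosite. The function names are hypothetical, and rejecting an empty verb or an empty dynamic value is an assumption the post does not state.

```go
package main

import (
	"fmt"
	"strings"
)

// matchScope: does one granted matcher cover one requested scope? (hypothetical name)
func matchScope(matcher, needle string) bool {
	m, n := strings.Split(matcher, ":"), strings.Split(needle, ":")
	if len(m) != len(n) { // hierarchy depth must be identical
		return false
	}
	last := len(m) - 1
	mRes, mVerb, mHasVerb := strings.Cut(m[last], ".")
	nRes, nVerb, nHasVerb := strings.Cut(n[last], ".")
	// A verb is present on both sides or on neither; "*" accepts any verb.
	// Assumption: an empty requested verb ("users.") never matches.
	if mHasVerb != nHasVerb || (mHasVerb && (nVerb == "" || (mVerb != "*" && mVerb != nVerb))) {
		return false
	}
	m[last], n[last] = mRes, nRes
	for i := range m {
		if strings.HasSuffix(m[i], "-*") {
			prefix := strings.TrimSuffix(m[i], "*") // keeps the trailing "-"
			// Assumption: the dynamic value after the prefix must be non-empty.
			if !strings.HasPrefix(n[i], prefix) || len(n[i]) == len(prefix) {
				return false
			}
		} else if n[i] == "" || m[i] != n[i] {
			return false
		}
	}
	return true
}

// ResourceAccessMatch has the shape func(haystack []string, needle string) bool.
func ResourceAccessMatch(haystack []string, needle string) bool {
	for _, matcher := range haystack {
		if matchScope(matcher, needle) {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println(ResourceAccessMatch([]string{"users:client-*.read"}, "users:client-bar.read")) // constructed sample
}
```

Because the verb must be present on both sides or on neither, a grant of `users:client-*` never widens into `users:client-bar.read`, which is the behaviour the examples in the post require.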

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Mar 29 '24 13:03 CLAassistant

Before I open a separate discussion, I wanted to check if there are plans for defining a scope matching strategy for use in ORY Hydra. As part of the Smart App Launch US HTI-1 Guidelines to support Smart App Launch 2.0.0 - the scope formats were updated to the following format: https://hl7.org/fhir/smart-app-launch/STU2/scopes-and-launch-context.html#scopes-for-requesting-clinical-data

patient.read > patient.r or patient.rs

medhost-chara avatar May 15 '24 17:05 medhost-chara

closing this since there is no interest by devs it seems

zoop-btc avatar Mar 05 '25 20:03 zoop-btc