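Implement an AK/SK authorization and authentication mechanism for tenants/applications, provide partial OAuth2 support, and implement authorization-scope handling for AccessToken.

Scenario description:

AK/SK implementation logic:

- `ci`-type API, used to handle server-side interface calls
- `IamCertKernelKind::AkSk` type, and implement the `cert_conf`/`cert` configuration
- Signature verification for the `ak/sk` type

AccessToken implementation logic:

- The `ci` interface supports creating the `AccessToken` and `Refresh Tokens` of the current `AK`, with the ability to specify the effective time and the authorization scope (Scope) (OAuth2 Client-credentials mode: https://oauth.net/2/grant-types/client-credentials/ )
- The effective times of the `AccessToken` and `Refresh Tokens` are written to the `cert` table, bound to the `cert` that corresponds to the AK/SK
- Built-in `OAuth` `Set`; bind resources (authorized APIs) under this `SetCate` (Via: RbumRelFromKind::SetCate, To resource API) and synchronize them to the cache (corresponding to groups in the add_or_modify_req parameter of add_or_modify_res_rel)
- One or more `SetCate` of the `OAuth` Set (Via: RbumRelFromKind::SetCate To ?) TODO
- The `AccessToken` and its authorization scope are written to the `iam:cache:token:info:xxx` cache, with the value changed to: `token_kind, rel_iam_item_id, ak, SetCateIds`
- An `Authorization` value starting with `Bearer` is also handled as a Token; when rel_iam_item_id is fetched, ak and SetCateIds are fetched as well; if ak exists, `iam:cache:account:info:xx` is ignored and `ctx.ident_info` is generated directly, with iam_groups=SetCateIds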
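A sketch of the Bearer lookup described in the last two items, as an added example that is not code from the issue or the project. The comma/semicolon value encoding, the content of the account entry, the `IdentInfo` struct and every sample key and value are assumptions; the point shown is that an AK-issued token carries only its own `SetCateIds` as groups.

```rust
use std::collections::HashMap;

/// Hypothetical stand-in for `ctx.ident_info`.
#[derive(Debug, PartialEq)]
struct IdentInfo {
    rel_iam_item_id: String,
    ak: Option<String>,
    iam_groups: Vec<String>,
}

fn split_ids(s: &str) -> Vec<String> {
    s.split(';').filter(|x| !x.is_empty()).map(String::from).collect()
}

/// Assumed cache value encoding: "token_kind,rel_iam_item_id,ak,cate1;cate2".
fn resolve_bearer(auth: &str, cache: &HashMap<String, String>) -> Option<IdentInfo> {
    let token = auth.strip_prefix("Bearer ")?.trim();
    let raw = cache.get(&format!("iam:cache:token:info:{}", token))?;
    let f: Vec<&str> = raw.splitn(4, ',').collect();
    if f.len() != 4 || f[1].is_empty() {
        return None; // malformed entry: fail closed
    }
    let rel_iam_item_id = f[1].to_string();
    if !f[2].is_empty() {
        // AK-issued token: the account entry is ignored, so the identity
        // gets only the SetCateIds stored with the token as iam_groups.
        return Some(IdentInfo { rel_iam_item_id, ak: Some(f[2].to_string()), iam_groups: split_ids(f[3]) });
    }
    // Ordinary token: fall back to the account entry (assumed to hold ';'-separated groups).
    let acct = cache.get(&format!("iam:cache:account:info:{}", rel_iam_item_id))?;
    Some(IdentInfo { rel_iam_item_id, ak: None, iam_groups: split_ids(acct) })
}

/// Constructed sample cache contents (not taken from the project).
fn sample_cache() -> HashMap<String, String> {
    let rows = [
        ("iam:cache:token:info:tok-scoped", "AccessToken,app1,ak-123,cate-read"),
        ("iam:cache:token:info:tok-user", "Default,acc9,,"),
        ("iam:cache:account:info:app1", "cate-read;cate-admin"),
        ("iam:cache:account:info:acc9", "cate-user"),
    ];
    rows.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect()
}

fn main() {
    for h in &["Bearer tok-scoped", "Bearer tok-user"] {
        println!("{:?}", resolve_bearer(h, &sample_cache()));
    }
}
```

The scoped token resolves to `cate-read` only, even though the account entry for `app1` also lists `cate-admin`.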