From 9e884ec20a75d8f5b59f3078026544a454047db4 Mon Sep 17 00:00:00 2001 From: Gsk54 Date: Wed, 18 Jan 2023 16:08:11 +0100 Subject: [PATCH] update readme --- README.md | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d00ced..7e82dfb 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,9 @@ npm run migrate ## Usage -The app is used for authentication (aka AuthN) and authorization (aka AuthZ : _to be developped_). +The app is used for authentication (aka AuthN) and authorization (aka AuthZ). + +### AuthN AuthN consists in verifying a username / password couple. A user can have multiple usernames (representing multiple identifiers), all of them sharing the same password. In the app, all the authentication information about a user is called an _auth_. As of 2022/10/23, the possible identifiers are : @@ -122,6 +124,41 @@ For AuthN, the app exposes the following [gRPC](https://grpc.io/) services : } ``` +### AuthZ + +AuthZ consists in verifying if a given **user** has the right permission to execute a given **action** within a given **domain**. Some context-dependant information can be given as well. + +For AuthZ, the app exposes the following [gRPC](https://grpc.io/) services : + +- **Decide** : asks the authorization service if a user has the right permission + + ```json + { + "uuid": "96d99d44-e0a6-458e-a656-de2a400d60a9", + "domain": "user", + "action": "read", + "context": [ + { + "name": "owner", + "value": "96d99d44-e0a6-458e-a656-de2a400d60a8" + }, + { + "name": "role", + "value": "admin" + } + ] + } + ``` + + In return, the service gives an authorization response : + + ```json + { + "allow": true + } + ``` + + ## Messages Various RabbitMQ messages are sent for logging purpose.
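Review bot: In the first README.md hunk (@@ -46,7 +46,9 @@), the new `### AuthN` heading lands directly above the unchanged sentence "As of 2022/10/23, the possible identifiers are :", while this commit is dated 18 Jan 2023. If the identifier list is still accurate, refresh or drop that date so the AuthN section does not read as stale next to the newly written AuthZ section. The subject "update readme" could also name what was documented, here the AuthZ section and its Decide service.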
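Review bot: In the AuthZ hunk (@@ -122,6 +124,41 @@), the Decide request example passes `"owner"` and `"role": "admin"` as `context` entries supplied by the caller, but the text does not say who is expected to populate them or whether the service checks them. Since "context-dependant information" is presented as input to the decision, the README should state that these values must come from a trusted caller rather than from end-user input, or describe how they are validated. The response example shows only `"allow": true`; add the denied form and say what is returned for an unknown domain or action. Minor: "context-dependant" should be "context-dependent", and "the following ... services" introduces a single service. The sample `owner` value differs from `uuid` only in its last character (`...60a8` vs `...60a9`), which is easy to misread as the same user; a clearly different UUID or a one-line remark would help.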