update readme

2023-01-18 16:08:11 +01:00 · 2023-01-18 16:08:11 +01:00 · 9e884ec20a
parent a578417d31
commit 9e884ec20a
1 changed files with 38 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -46,7 +46,9 @@ npm run migrate

 ## Usage

-The app is used for authentication (aka AuthN) and authorization (aka AuthZ : _to be developped_).
+The app is used for authentication (aka AuthN) and authorization (aka AuthZ).
+
+### AuthN

 AuthN consists in verifying a username / password couple. A user can have multiple usernames (representing multiple identifiers), all of them sharing the same password. In the app, all the authentication information about a user is called an _auth_. As of 2022/10/23, the possible identifiers are :

@ -122,6 +124,41 @@ For AuthN, the app exposes the following [gRPC](https://grpc.io/) services :
    }
    ```

+### AuthZ
+
+AuthZ consists in verifying if a given **user** has the right permission to execute a given **action** within a given **domain**. Some context-dependant information can be given as well.
+
+For AuthZ, the app exposes the following [gRPC](https://grpc.io/) services :
+
+-   **Decide** : asks the authorization service if a user has the right permission
+
+    ```json
+    {
+        "uuid": "96d99d44-e0a6-458e-a656-de2a400d60a9",
+        "domain": "user",
+        "action": "read",
+        "context": [
+            {
+                "name": "owner",
+                "value": "96d99d44-e0a6-458e-a656-de2a400d60a8"
+            },
+            {
+                "name": "role",
+                "value": "admin"
+            }
+        ]
+    }
+    ```
+
+    In return, the service gives an authorization response : 
+
+    ```json
+    {
+        "allow": true
+    }
+    ```
+
+
 ## Messages

 Various RabbitMQ messages are sent for logging purpose.