Easily Manage OAuth2 Scopes In Go
import "github.com/SonicRoshan/scope"
scopeA := "read:user:*"
scopeB := "read:user:username"
doesMatch := scope.MatchScopes(scopeA, scopeB)
The matching strategy works like this:
users.*        matches         users.read
users.*        matches         users.read.foo
users.read     matches         users.read
users          does not match  users.read
users.read.*   does not match  users.read
users.*.*      does not match  users.read
users.*.*      matches         users.read.own
users.*.*      matches         users.read.own.other
users.read.*   matches         users.read.own
users.read.*   matches         users.read.own.other
users.write.*  does not match  users.read.own
users.*.bar    matches         users.baz.bar
users.*.bar    does not match  users.baz.baz.bar
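The matching rules in the table above, written out as an added Go example (not the library's own code; `wildcardMatch` and `anyGrants` are hypothetical names and the sample grants are constructed). It uses the dot separator from the table and assumes a non-trailing `*` stands for exactly one segment while a trailing `*` stands for one or more.

```go
package main

import (
	"fmt"
	"strings"
)

// wildcardMatch reports whether a held scope pattern covers a required scope.
// Hypothetical helper for this example; segments are separated by ".".
func wildcardMatch(pattern, required string) bool {
	p := strings.Split(pattern, ".")
	r := strings.Split(required, ".")
	if len(p) > len(r) {
		return false // pattern is more specific than the required scope
	}
	for i, seg := range p {
		last := i == len(p)-1
		if last && len(p) != len(r) && seg != "*" {
			return false // only a trailing "*" may absorb extra segments
		}
		if seg == "*" {
			if r[i] == "" {
				return false // "*" never matches an empty segment
			}
			continue
		}
		if seg != r[i] {
			return false // literal segments must be identical
		}
	}
	return true
}

// anyGrants is deny-by-default: true only if some held pattern covers required.
func anyGrants(held []string, required string) bool {
	for _, h := range held {
		if wildcardMatch(h, required) {
			return true
		}
	}
	return false
}

func main() {
	held := []string{"users.read.*", "users.*.bar"} // constructed sample grants
	for _, req := range []string{"users.read.own", "users.baz.bar", "users.read", "users.baz.baz.bar"} {
		fmt.Printf("%-20s granted=%v\n", req, anyGrants(held, req))
	}
}
```

A wildcard only widens what a held scope covers: a required scope such as `users.*` is compared literally, so a client holding just `users.read` is not granted it.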
When a client requests data, scope.FilterRead clears any field in the struct for which the client does not hold a read scope.
type user struct {
	username string `readScope:"user:read:username"`
	email    string `readScope:"user:read:email"`
}

func main() {
	output := user{username: "Test", email: "[email protected]"}
	scopesHeldByClient := []string{"user:read:username"}
	// Pass a pointer so the filter can modify the struct in place.
	scope.FilterRead(&output, scopesHeldByClient)
	// output.email is now empty (the zero value), because the client does not hold the scope required to read the email field.

	// Reuse the variables with "=" (a second ":=" in the same scope does not compile).
	output = user{username: "Test", email: "[email protected]"}
	scopesHeldByClient = []string{"user:read:*"}
	scope.FilterRead(&output, scopesHeldByClient)
	// No field in output is cleared, because the client holds scopes covering every field in the user struct.
}