scopula.core

Handles scopes logic.

Scopes are case-sensitive strings without any whitespace, that represent
authorization access. From OAuth2 RFC (https://tools.ietf.org/html/rfc6749#section-3.3):

> The value of the scope parameter is expressed as a list of space-
> delimited, case-sensitive strings.  The strings are defined by the
> authorization server.  If the value contains multiple space-delimited
> strings, their order does not matter, and each string adds an
> additional access range to the requested scope.
>
>   scope       = scope-token *( SP scope-token )
>   scope-token = 1*( %x21 / %x23-5B / %x5D-7E )

In order to manage fine-grained authorizations, this lib uses a convention
for scope formats.
For example, we often need to distinguish between a full scope that provides
full access to some resource, and read-only access.
Sometimes we also want to limit the access to some sub-resource.
Here are some examples of our convention:

`users`                      full access to users resource
`users/profile`              access to users profile only
`users/profile:read`         access to users profile read-only
`users/profile/email:write`  access to users profile only email write-only

The `:` character is only allowed as the separator before the access mode,
`read`, `write` or `rw` (no suffix implies `rw`).

Sub-resources can be separated by `/`.

This library provides helper functions to check that
a given scope will also grant e.g. `users/profile/email` and `users/profile:read`.

We also provide helpers to normalize sets of scopes:

>>> (normalize-scopes #{"users" "users/profile/email:read" "admin"})
#{"users" "admin"}

...as `users/profile/email:read` is redundant, it is removed.

Note that scopes are designed with OAuth2 access in mind, and thus
are generally manipulated as a set of scopes.

Scopes that do not have any subpath are called _root scopes_.

This is important because it is easy to add scopes or take their union.
But it is generally impossible to remove just a sub-scope, as that would
require knowing all the sub-paths of the root scope and adding back the difference.

Scopes are additive by nature.
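
The convention described above, sketched as an added example that is not scopula's own code: `parse-scope`, `covers?` and `normalize` are hypothetical names, and the sketch assumes a scope is covered when its path extends the granting scope's path segment by segment and its access mode is a subset.

```clojure
(ns scope-convention-example
  (:require [clojure.set :as set]
            [clojure.string :as str]))

;; Hypothetical helpers written for this example; they follow the convention
;; described above but are not scopula's functions.
(def access-modes
  {"read" #{:read} "write" #{:write} "rw" #{:read :write}})

(defn parse-scope
  "Splits \"a/b:mode\" into {:path [\"a\" \"b\"] :access #{...}}.
  Rejects strings outside the RFC 6749 scope-token charset."
  [s]
  (when-not (re-matches #"[\x21\x23-\x5B\x5D-\x7E]+" s)
    (throw (ex-info "invalid scope-token" {:scope s})))
  (let [[path mode & more] (str/split s #":" -1)
        segments (str/split path #"/" -1)
        ;; no ":mode" suffix implies rw
        access (if (nil? mode) (access-modes "rw") (access-modes mode))]
    (when (or more (nil? access) (some str/blank? segments))
      (throw (ex-info "malformed scope" {:scope s})))
    {:path segments :access access}))

(defn covers?
  "True when `granted` allows everything `wanted` asks for."
  [granted wanted]
  (let [{gp :path ga :access} (parse-scope granted)
        {wp :path wa :access} (parse-scope wanted)]
    (and (<= (count gp) (count wp))
         ;; compare whole path segments, never raw string prefixes
         (= gp (subvec wp 0 (count gp)))
         (set/subset? wa ga))))

(defn normalize
  "Removes scopes already covered by another scope in the set.
  Equivalent spellings (\"users\" and \"users:rw\") keep the one that sorts first."
  [scopes]
  (set (remove (fn [s]
                 (some #(and (covers? % s)
                             (or (not (covers? s %)) (neg? (compare % s))))
                       scopes))
               scopes)))

;; Constructed checks
(assert (= #{"users" "admin"}
           (normalize #{"users" "users/profile/email:read" "admin"})))
(assert (not (covers? "users" "users-admin")))
(assert (not (covers? "users/profile:read" "users/profile:write")))
```

This sketch only drops redundant scopes; it does not merge `users:read` and `users:write` into `users`.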