Multiple scopes check with different condition; Can I check scope based on request attribute value?

Hi, is there any way I can check multiple scopes for the same endpoint based on different attribute values in the request?

I need to check the scope based on the request data, e.g. if the request attribute is "env":"QA" then I need to check the "env.qa" scope, but if it's "env":"staging" then I need to check a different scope. Can someone help me handle multiple scope checks based on different conditions?


Have you seen the condition reference? Within conditions you can express such logic.

You used the term "request attribute". I don't know what that is, exactly. Maybe you mean "query parameter." In that case the condition is something like this:

<Condition>request.queryparam.env = "QA"</Condition>

Wrap that condition around a policy that checks for particular scopes. Or, combine that boolean with another that checks your scope. For example, if scope is available in a context variable as a string like this:

qa dev

Then your logic statement to check for the presence of the "qa" value within scope would be something like this:

request.queryparam.env = "QA" AND NOT (scope ~~ "^.*\bqa\b.*$")
 

That says "if the env query param holds "QA" and the scope context variable does not contain "qa"". If that last bit looks like cartoon swearing, it's because it's a "regular expression".

In that case I suppose you might want to raise a fault with an "insufficient scope" message. So, like this:

<Step>
  <Name>RaiseFault-InsufficientScope</Name>
  <Condition>request.queryparam.env = "QA" AND NOT (scope ~~ "^.*\bqa\b.*$")</Condition>
</Step>
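
As an added example (not part of the reply above, and not Apigee's own code): the same env-to-scope decision written as plain JavaScript, comparing the reply's `\b` regex with an exact match on the space-delimited scope tokens. The scope name `env.staging`, the sample scope strings and all function names are assumptions made for illustration; only `env.qa` comes from the question.

```javascript
// Added example with constructed inputs; not code from the thread.
// Assumption: one required scope per environment. Only "env.qa" is named
// in the question; "env.staging" is a hypothetical name.
const REQUIRED_SCOPE = new Map([
  ["QA", "env.qa"],
  ["staging", "env.staging"],
]);

// The pattern from the reply, written as a JavaScript RegExp.
const replyRegex = /^.*\bqa\b.*$/;

// Split an OAuth scope string (space-delimited) into exact tokens.
function scopeTokens(scope) {
  return new Set(String(scope || "").split(" ").filter(Boolean));
}

// Decide whether a request for `env` may proceed with the granted `scope`.
// Unknown environments are rejected rather than allowed by default.
function checkScope(env, scope) {
  const required = REQUIRED_SCOPE.get(env);
  if (required === undefined) {
    return { allowed: false, reason: "unknown_env" };
  }
  if (!scopeTokens(scope).has(required)) {
    return { allowed: false, reason: "insufficient_scope" };
  }
  return { allowed: true, reason: "ok" };
}

// Show how the regex and the exact-token check treat the same scope string
// when looking for the scope "qa".
function compare(scope) {
  return {
    regex: replyRegex.test(scope),
    exact: scopeTokens(scope).has("qa"),
  };
}

// Constructed scope strings.
for (const s of ["qa dev", "pre-qa dev", "qa.readonly dev", "qaadmin dev"]) {
  console.log(JSON.stringify(s), compare(s));
}
console.log(checkScope("QA", "env.qa dev"));
console.log(checkScope("staging", "env.qa dev"));
```

Because `\b` treats `.` and `-` as word boundaries, the regex also matches when `qa` is only part of a longer scope name such as `qa.readonly`; the exact-token check does not.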