Enable JWT group-based user authorization (#1368)

* Extend management API to support list of allowed JWT groups (#1366) * Add JWTAllowGroups settings to account management * Return an empty group list if jwt allow groups is not set * Add JwtAllowGroups to account settings in handler test * Add JWT group-based user authorization (#1373) * Add JWTAllowGroups settings to account management * Return an empty group list if jwt allow groups is not set * Add JwtAllowGroups to account settings in handler test * Implement user access validation authentication based on JWT groups * Remove the slices package import due to compatibility issues with the gitHub workflow(s) Go version * Refactor auth middleware and test for extracted claim handling * Optimize JWT group check in auth middleware to cover nil and empty allowed groups
2026-04-18 08:16:39 +00:00 · 2023-12-11 18:59:15 +03:00
parent 5ecafef5d2
commit d275d411aa
8 changed files with 133 additions and 10 deletions
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -66,6 +66,12 @@ components:
          description: Name of the claim from which we extract groups names to add it to account groups.
          type: string
          example: "roles"
+        jwt_allow_groups:
+          description: List of groups to which users are allowed access
+          type: array
+          items:
+            type: string
+            example: Administrators
        extra:
          $ref: '#/components/schemas/AccountExtraSettings'
      required: