Easily Manage OAuth2 Scopes In Go

Scope Matching Using Wildcard Strategy

import ""

scopeA := "read:user:*"
scopeB := "read:user:username"

doesMatch := scope.MatchScopes(scopeA, scopeB)

This strategy works as follows:

  • users.* matches
  • users.* matches
  • matches
  • users does not match
  •* does not match
  • users.*.* does not match
  • users.*.* matches
  • users.*.* matches
  •* matches
  •* matches
  • users.write.* does not match
  • users.*.bar matches
  • users.*.bar does not

Filtering Struct For Read Request

When a client requests certain data, this function clears every field in the struct for which the client does not hold a read scope.

type user struct {
    username string `readScope:"user:read:username"`
    email    string `readScope:"user:read:email"`
}

func main() {
    output := user{username: "Test", email: "[email protected]"}
    scopesHeldByClient := []string{"user:read:username"}
    // Pass a pointer so that FilterRead can modify output in place
    scope.FilterRead(&output, scopesHeldByClient)

    // The email field is now cleared, as the client does not hold the scope required to read it

    output = user{username: "Test", email: "[email protected]"}
    scopesHeldByClient = []string{"user:read:*"}
    scope.FilterRead(&output, scopesHeldByClient)

    // Now none of the fields in output is cleared, as the client holds scopes to read everything in the user struct
}
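
An added sketch, not the package's own code, of how tag-driven read filtering like the FilterRead call above can be built with reflection. The names matches, filterRead and Profile and the matching rule are assumptions made for this example; it clears untagged fields too (fail closed) and returns an error for a non-pointer argument or an unexported field, since reflection cannot modify either.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// matches (assumed rule): ':' segments, '*' = one segment, trailing '*' = one or more.
func matches(held, required string) bool {
	h, r := strings.Split(held, ":"), strings.Split(required, ":")
	for i, seg := range h {
		if i >= len(r) || (seg != "*" && seg != r[i]) {
			return false
		}
	}
	return len(h) == len(r) || h[len(h)-1] == "*"
}

// filterRead zeroes each field of *v that no held scope covers; untagged fields too.
func filterRead(v interface{}, held []string) error {
	rv := reflect.ValueOf(v)
	if rv.Kind() != reflect.Ptr || rv.Elem().Kind() != reflect.Struct {
		return fmt.Errorf("filterRead: want pointer to struct, got %T", v)
	}
	for i, s := 0, rv.Elem(); i < s.NumField(); i++ {
		required, allowed := s.Type().Field(i).Tag.Get("readScope"), false
		for _, h := range held {
			allowed = allowed || (required != "" && matches(h, required))
		}
		if !allowed && !s.Field(i).CanSet() { // unexported: cannot be cleared
			return fmt.Errorf("filterRead: cannot clear %s", s.Type().Field(i).Name)
		} else if !allowed {
			s.Field(i).Set(reflect.Zero(s.Field(i).Type()))
		}
	}
	return nil
}

type Profile struct { // constructed sample type, fields exported on purpose
	Username string `readScope:"user:read:username"`
	Email    string `readScope:"user:read:email"`
	Note     string // untagged, so cleared for every caller
}

func main() {
	p := Profile{"Test", "test@example.invalid", "internal"}
	err := filterRead(&p, []string{"user:read:username"})
	fmt.Printf("%v %+v\n", err, p)
}
```

Returning an error instead of skipping a field that cannot be cleared keeps a caller from serializing data the client was never authorized to read.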