Iam Integration
by @effort02
Use when integrating a new service with the IAM (Identity and Access Management) system - covers gRPC client setup, JWT token validation, permission checks,...
grpc:
client:
iam-service:
address: dns:///iam.${namespace}.svc.cluster.local:9090
negotiation-type: plaintext
Token Validation
@Autowired JwtTokenRichClient jwtTokenClient;// Validate token (with optional permission check)
ValidateAccessTokenRequest req = ValidateAccessTokenRequest.newBuilder()
.setAccessToken(token)
.setAppCode(appCode)
.setTenantCode(tenantCode)
// optional: add permission check
.setPermissionCheck(PermissionCheck.newBuilder()
.setObject("resource-name")
.setAct("read")
.build())
.build();
ValidateAccessTokenResponse resp = jwtTokenClient.validateAccessToken(req);
// resp.getUid(), resp.getRoleCodesList(), resp.getValid()
Permission Check
@Autowired AuthorizationRichClient authClient;HasPermissionRequest req = HasPermissionRequest.newBuilder()
.setAppCode(appCode)
.setTenantCode(tenantCode)
.setSubject(uid)
.setObject("resource-name")
.setAct("write")
.setSiteCode(siteCode)
.build();
boolean allowed = authClient.hasPermission(req).getHasPermission();
Get Account Info
@Autowired AccountRichClient accountClient;GetByUidRequest req = GetByUidRequest.newBuilder()
.setUid(uid).setAppCode(appCode).setTenantCode(tenantCode)
.build();
AccountProto account = accountClient.getByUid(req).getAccount();
clawhub install iam-integration