Refactor proxy builder

2025-07-09 13:27:23 +00:00 · 2025-05-14 15:39:02 +05:30 · 2025-05-14 15:39:02 +05:30 · 331cc281c6
commit 331cc281c6
parent 85e5fe1c1d
5 changed files with 200 additions and 35 deletions
--- a/internal/authz/asgardeo.go
+++ b/internal/authz/asgardeo.go
@ -336,3 +336,23 @@ func randomString(n int) string {
 	}
 	return string(b)
 }
+
+func (p *asgardeoProvider) ProtectedResourceMetadataHandler() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		meta := map[string]interface{}{
+			"resource":              p.cfg.ResourceIdentifier,
+			"scopes_supported":      p.cfg.ScopesSupported,
+			"authorization_servers": p.cfg.AuthorizationServers,
+		}
+		if p.cfg.JwksURI != "" {
+			meta["jwks_uri"] = p.cfg.JwksURI
+		}
+		if len(p.cfg.BearerMethodsSupported) > 0 {
+			meta["bearer_methods_supported"] = p.cfg.BearerMethodsSupported
+		}
+		if err := json.NewEncoder(w).Encode(meta); err != nil {
+			http.Error(w, "failed to encode metadata", http.StatusInternalServerError)
+		}
+	}
+}
--- a/internal/authz/default_policy_engine.go
+++ b/internal/authz/default_policy_engine.go
@ -0,0 +1,20 @@
+package authz
+
+import (
+	"net/http"
+)
+
+type TokenClaims struct {
+	Scopes []string
+}
+
+type DefaulPolicyEngine struct{}
+
+func (d *DefaulPolicyEngine) Evaluate(r *http.Request, claims *TokenClaims, requiredScope string) PolicyResult {
+	for _, scope := range claims.Scopes {
+		if scope == requiredScope {
+			return PolicyResult{DecisionAllow, ""}
+		}
+	}
+	return PolicyResult{DecisionDeny, "missing scope '" + requiredScope + "'"}
+}