Rename jwtIssuer to identityProvider (ref #80)

2018-01-26 00:42:41 +01:00 · 2018-01-26 00:42:41 +01:00 · 0d47bfcb86
--- a/README.md
+++ b/README.md
@ -40,7 +40,7 @@ Policies are defined in YAML files for each consuming service, locally or in rem

 ```yaml
 service: https://service.stage.net
-jwtIssuer: https://auth.mozilla.auth0.com/
+identityProvider: https://auth.mozilla.auth0.com/
 tags:
  superusers:
    - userid:maria
@ -60,7 +60,7 @@ policies:
 ```

 * **service**: the unique identifier of the service
-* **jwtIssuer** (*optional*): when the issuer is set, *Doorman* will verify the JSON Web Token provided in the authorization request and extract the Identity Provider information from its payload
+* **identityProvider** (*optional*): when the identify provider is not empty, *Doorman* will verify the Access Token or the ID Token provided in the authorization request to authenticate the request and obtain the subject profile information (*principals*)
 * **tags**: Local «groups» of principals in addition to the ones provided by the Identity Provider
 * **actions**: a domain-specific string representing an action that will be defined as allowed by a principal (eg. `publish`, `signoff`, …)
 * **resources**: a domain-specific string representing a resource. Preferably not a full URL to decouple from service API design (eg. `print:blackwhite:A4`, `category:homepage`, …).
--- a/api/allowed_test.go
+++ b/api/allowed_test.go
@ -46,7 +46,7 @@ func TestAllowedVerifiesAuthentication(t *testing.T) {
 	d.LoadPolicies(doorman.ServicesConfig{
 		doorman.ServiceConfig{
 			Service:   "https://sample.yaml",
-			JWTIssuer: "https://auth.mozilla.auth0.com/",
+			IdentityProvider: "https://auth.mozilla.auth0.com/",
 			Policies: doorman.Policies{
 				doorman.Policy{
 					Actions: []string{"update"},
--- a/api/openapi.yaml
+++ b/api/openapi.yaml
@ -8,7 +8,7 @@ info:

    ```YAML
    service: https://api.service.org
-    jwtIssuer: https://auth.mozilla.auth0.com/
+    identityProvider: https://auth.mozilla.auth0.com/
    policies:
      -
        id: crud-articles
--- a/doorman/doorman.go
+++ b/doorman/doorman.go
@ -40,7 +40,7 @@ type Policies []Policy
 type ServiceConfig struct {
 	Source    string
 	Service   string
-	JWTIssuer string `yaml:"jwtIssuer"`
+	IdentifyProvider string `yaml:"identifyProvider"`
 	Tags      Tags
 	Policies  Policies
 }
--- a/doorman/doorman_ladon.go
+++ b/doorman/doorman_ladon.go
@ -66,9 +66,9 @@ func (doorman *LadonDoorman) LoadPolicies(configs ServicesConfig) error {
 			return fmt.Errorf("duplicated service %q (source %q)", config.Service, config.Source)
 		}

-		if config.JWTIssuer != "" {
-			log.Infof("Enable authentication from %q", config.JWTIssuer)
-			v, err := authn.NewAuthenticator(config.JWTIssuer)
+		if config.IdentityProvider != "" {
+			log.Infof("Enable authentication from %q", config.IdentityProvider)
+			v, err := authn.NewAuthenticator(config.IdentityProvider)
 			if err != nil {
 				return err
 			}
--- a/doorman/doorman_ladon_test.go
+++ b/doorman/doorman_ladon_test.go
@ -16,7 +16,7 @@ func TestMain(m *testing.M) {
 	sampleConfigs = ServicesConfig{
 		ServiceConfig{
 			Service:   "https://sample.yaml",
-			JWTIssuer: "",
+			IdentityProvider: "",
 			Tags: Tags{
 				"admins": Principals{"userid:maria"},
 			},
@ -154,7 +154,7 @@ func TestBadServicesConfig(t *testing.T) {
 	// Bad JWT issuer
 	err = d.LoadPolicies(ServicesConfig{
 		ServiceConfig{
-			JWTIssuer: "http://perlin-pinpin",
+			IdentityProvider: "http://perlin-pinpin",
 		},
 	})
 	assert.NotNil(t, err)
@ -192,7 +192,7 @@ func TestLoadPoliciesTwice(t *testing.T) {
 	// Load bad policies, does not affect existing.
 	err := doorman.LoadPolicies(ServicesConfig{
 		ServiceConfig{
-			JWTIssuer: "http://perlin-pinpin",
+			IdentityProvider: "http://perlin-pinpin",
 		},
 	})
 	assert.Contains(t, err.Error(), "\"http://perlin-pinpin\" does not use the https:// scheme")
--- a/examples/README.md
+++ b/examples/README.md
@ -23,7 +23,7 @@ In the example below, we rely on the groups of given by the *Identity Provider*

 ```yaml
 service: gurghruin435u85O539g7cKvWBOI
-jwtIssuer: https://auth.mozilla.auth0.com/
+identityProvider: https://auth.mozilla.auth0.com/
 policies:
  -
    id: create-articles
@ -105,7 +105,7 @@ To do that, we define a tag `superuser` along with the intended principals in th

 ```yaml
 service: https://api.service.org
-jwtIssuer:  # disabled
+identityProvider:  # disabled
 tags:
  superuser:
    - userid:maria
--- a/examples/python/policies.yaml
+++ b/examples/python/policies.yaml
@ -1,5 +1,5 @@
 service: SLocf7Sa1ibd5GNJMMqO539g7cKvWBOI
-jwtIssuer: https://auth.mozilla.auth0.com/
+identityProvider: https://auth.mozilla.auth0.com/
 policies:
  - id: "hello"
    description: Allow everyone access hello
--- a/sample.yaml
+++ b/sample.yaml
@ -1,5 +1,5 @@
 service: https://sample.yaml
-jwtIssuer:
+identityProvider:
 tags:
  admins:
    - userid:maria