How to delegate authority to external OAuth 2.0 services

I am working on a service that provides intelligent (I hope) integration of various services that support OAuth 2.0. The focus of this instrument is on improving teamwork, so we unite Slack, GitHub, Asana (error tracker), Cezanne (HR tool), etc.

We have a UI and a backend that work with all these tools (the user has rights to all of them, so I need access tokens and updates). We need to be able to hide different parts of the UI depending on the role of the person in a particular instrument. Take GitHub as an example. A user can be the owner of the repository, the investor, the owner of the company (for a business account), etc. Therefore, these users may require a different UI based on their rights.

Initially, I did not dare to authorize myself (another special authorization system is the last thing the world needs); I wanted to use the authorization mechanisms of other services and just create a lightweight shell around them. At first it seemed like a reasonable idea, but I can't figure out how to implement it, and Google doesn't provide valuable advice, which means: 99.99% I'm trying to do something stupid, 0.01% I'm trying to do something rare / innovative.

I was hoping to take advantage of OAuth 2.0, but it does not seem to support what we need. The closest are areas, but this is not very similar to our scenario.

The only idea I have now is to create my own authorization system and integrate other services using reverse engineering. Therefore, I would request GitHub user account information using the API and apply its roles in our system: owner for repository A, contributor for repository B, owner of company C, etc. I will have to reconstruct the permissions for each role (i.e. the owner of the repository cannot change the name of the company). And we will need to save user roles for each service: so instead of the usual Admin / User / Manager, etc. we get: OwnerOfGitHubRepository (for repository A), ManagerOfAsanaTeam (for team B), etc.

It would be great if the OAuth 2.0 services had an endpoint that returned the permissions available to the current user.
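The approach the question sketches (query the upstream service's API, derive service-scoped roles, and decide locally what each role may do) can be made concrete. The following is an added example, not code from the original post or from any of the services named; it assumes GitHub-shaped API responses (the `permissions` object on a repository and the `role`/`state` fields on an organization membership, both of which GitHub's REST API does return) and an internal permission catalogue that is an assumption of this example, not GitHub's own rules. The sample responses are constructed. It also checks the token's granted scopes against the ones the lookups need, so the integration fails closed on an under-privileged or over-privileged token rather than guessing.

```python
"""Derive internal, service-scoped roles from an upstream OAuth provider's API.

Added example (not the original post's code). GitHub-shaped responses are assumed;
the role -> permission mapping below is this example's own assumption.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Set


@dataclass(frozen=True)
class Role:
    service: str   # e.g. "github"
    kind: str      # e.g. "repo_owner", "org_owner"
    resource: str  # e.g. "acme/widgets" or "acme"


# Internal catalogue: what each upstream-derived role may do in *our* system.
# Deliberately coarse and least-privilege: a repo owner gets no org-level rights.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "repo_owner": frozenset({"repo:view", "repo:configure_hooks"}),
    "repo_contributor": frozenset({"repo:view"}),
    "repo_reader": frozenset({"repo:view"}),
    "org_owner": frozenset({"org:view", "org:rename", "org:billing"}),
    "org_member": frozenset({"org:view"}),
}

# Scopes the two lookups below need (GitHub scope names). The token's granted
# scopes arrive in the X-OAuth-Scopes response header as a comma-separated list.
REQUIRED_SCOPES = ["repo", "read:org"]


def missing_scopes(granted_header: str, required: Iterable[str]) -> List[str]:
    """Return required scopes absent from the granted list, so the caller can
    refuse to proceed (fail closed) instead of getting partial, misleading data."""
    granted = {s.strip() for s in granted_header.split(",") if s.strip()}
    return [s for s in required if s not in granted]


def derive_github_roles(repos: Iterable[dict], org_memberships: Iterable[dict]) -> Set[Role]:
    """Map GitHub-shaped repo and org-membership records onto internal roles."""
    roles: Set[Role] = set()
    for repo in repos:
        perms = repo.get("permissions", {})
        if perms.get("admin"):
            kind = "repo_owner"
        elif perms.get("push"):
            kind = "repo_contributor"
        elif perms.get("pull"):
            kind = "repo_reader"
        else:
            continue  # no usable access upstream: grant nothing here
        roles.add(Role("github", kind, repo["full_name"]))
    for membership in org_memberships:
        if membership.get("state") != "active":
            continue  # pending invitations confer no rights
        kind = "org_owner" if membership.get("role") == "admin" else "org_member"
        roles.add(Role("github", kind, membership["organization"]["login"]))
    return roles


def is_allowed(roles: Iterable[Role], permission: str, resource: str) -> bool:
    """Authorization check: some role on exactly this resource must carry the permission."""
    return any(
        r.resource == resource and permission in ROLE_PERMISSIONS.get(r.kind, frozenset())
        for r in roles
    )


def visible_sections(roles: Iterable[Role], resource: str) -> List[str]:
    """UI gating derived from the same permission set (hidden != protected; the
    backend still calls is_allowed on every request)."""
    sections = []
    if is_allowed(roles, "repo:configure_hooks", resource):
        sections.append("webhooks")
    if is_allowed(roles, "org:rename", resource):
        sections.append("company-settings")
    if is_allowed(roles, "repo:view", resource) or is_allowed(roles, "org:view", resource):
        sections.append("overview")
    return sections


# Constructed sample data shaped like GitHub's /user/repos and /user/memberships/orgs.
SAMPLE_REPOS = [
    {"full_name": "acme/widgets", "permissions": {"admin": True, "push": True, "pull": True}},
    {"full_name": "acme/docs", "permissions": {"admin": False, "push": True, "pull": True}},
    {"full_name": "other/lib", "permissions": {"admin": False, "push": False, "pull": False}},
]
SAMPLE_ORGS = [
    {"organization": {"login": "acme"}, "role": "admin", "state": "active"},
    {"organization": {"login": "globex"}, "role": "member", "state": "pending"},
]

if __name__ == "__main__":
    assert not missing_scopes("repo, read:org", REQUIRED_SCOPES)
    roles = derive_github_roles(SAMPLE_REPOS, SAMPLE_ORGS)
    for r in sorted(roles, key=lambda r: (r.kind, r.resource)):
        print(r)
    print("rename acme as org owner:", is_allowed(roles, "org:rename", "acme"))
    print("rename via repo ownership:", is_allowed(roles, "org:rename", "acme/widgets"))
```

The repository owner of `acme/widgets` gets `webhooks` and `overview` for that repository but cannot rename the company, which is exactly the distinction the post wants to reconstruct; the pending `globex` invitation and the repository with no permissions yield no roles at all.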


(Answer text lost in extraction; only the fragments "server4", "identityserver3", "oauth2" and "UMA" survive.)

Source: https://habr.com/ru/post/1687278/
