This directory contains example AAA (Authentication, Authorization and Access) libraries for various use cases.
To activate one of these scripts (or derivatives thereof), simply replace site/api/lib/aaa.lua
with the AAA script of your choice.
These script will require that site/api/lib/config.lua
has one or more OAuth providers specified as authorities, as such:
..., -- This adds Persona and Google OAuth as authorities admin_oauth = { "verifier.login.persona.org", "www.googleapis.com" } ...
aaa_by_email_address.lua
checks against a GLOB (valid_email
), and if a logged-in user's email address matches this, provides access to private lists, provided the OAuth provider used is listed in config.lua
as a valid authority.
aaa_by_portal.lua
checks which OAuth portal was used to log in. If it's the right (Google in the example), then access to private lists is granted.
aaa_with_subgroups.lua
checks validated accounts against an access list, and if found, provides access to a specific set of lists for each individual user.