This directory contains example AAA (Authentication, Authorization and Access) libraries for various use cases.
To activate one of these scripts (or derivatives thereof), simply copy the appropriate AAA script to site/api/lib/aaa_site.lua
. This will then be used by the main aaa.lua script.
These scripts require that site/api/lib/config.lua
has one or more OAuth providers specified as authorities, as such:
..., -- Use Google OAuth as an authority admin_oauth = { "www.googleapis.com" } ...
aaa_by_email_address.lua
checks against a GLOB (valid_email
), and if a logged-in user's email address matches this, provides access to private lists, provided the OAuth provider used is listed in config.lua
as a valid authority.
aaa_by_portal.lua
checks which OAuth portal was used to log in. If it's the right (Google in the example), then access to private lists is granted.
aaa_with_subgroups.lua
checks validated accounts against an access list, and if found, provides access to a specific set of lists for each individual user.