This directory contains example AAA (Authentication, Authorization and Access) libraries for various use cases.
To activate one of these scripts (or derivatives thereof), simply replace site/api/lib/aaa.lua with the AAA script of your choice.
These script will require that site/api/lib/config.lua has one or more OAuth providers specified as authorities, as such:
...,
-- This adds Persona and Google OAuth as authorities
admin_oauth = { "verifier.login.persona.org", "www.googleapis.com" }
...
aaa_by_email_address.lua checks against a GLOB (valid_email), and if a logged-in user's email address matches this, provides access to private lists, provided the OAuth provider used is listed in config.lua as a valid authority.
aaa_by_portal.lua checks which OAuth portal was used to log in. If it's the right (Google in the example), then access to private lists is granted.
aaa_with_subgroups.lua checks validated accounts against an access list, and if found, provides access to a specific set of lists for each individual user.