Hi all,
I recently implemented a small OAuth2 / OpenID permission check library in XQuery, complete with a small example page and a docker compose setup, including an identity provider (FusionAuth in this case). I saw this popped up once or twice on the mailing list, but I could not make much use of the provided code, so I hope this might be of interest to anybody.
The example project is available on Github: https://github.com/willhoeft-it/basex-oauth2 I would be glad to hear about any opinions or get some feedback.
While working on this, I realized that BaseX' permission attributes unfortunately lack a small feature that would be quite useful: The "perm" parameter to the checking function provides the method and the path, but unfortunately not any URL parameters. In my case, I would like to remember the URL (including parameters) the user called before I redirect him to the authorization server to login, so I can afterward redirect him to the page he actually wanted. But in a more general context, I can imagine it would also be useful to do permission checks on the parameters, too. Or maybe I missed something?
Kind regards Jörn Willhöft
Dear Jörn,
Thanks for sharing your OAuth2 implementation, very appreciated.
While working on this, I realized that BaseX' permission attributes unfortunately lack a small feature that would be quite useful: The "perm" parameter to the checking function provides the method and the path, but unfortunately not any URL parameters.
Indeed it has been suggested multiple times that $perm should be enhanced. In the latest snapshot, we have finally added the query parameters [1], and we may add some more properties. Your feedback is welcome; if it works as expected, we will revise the documentation. BaseX 11.6 will be released this week or in December.
With older versions of BaseX, you can use the request:parameter function to access query parameters [2].
Best, Christian
[1] https://files.basex.org/releases/latest/ [2] https://docs.basex.org/12/Request_Functions#request:parameter
In my case, I would like to remember the URL (including parameters) the user called before I redirect him to the authorization server to login, so I can afterward redirect him to the page he actually wanted. But in a more general context, I can imagine it would also be useful to do permission checks on the parameters, too. Or maybe I missed something?
Kind regards Jörn Willhöft
With BaseX 12 (and, unofficially, with BaseX 11.6), both the query parameters and the HTTP request headers can now be accessed via the permission variable [1]. For all further request values, the Request Module can be used.
[1] https://docs.basex.org/12/Permissions#checking_permissions
On Tue, Nov 26, 2024 at 9:28 AM Christian Grün christian.gruen@gmail.com wrote:
Dear Jörn,
Thanks for sharing your OAuth2 implementation, very appreciated.
While working on this, I realized that BaseX' permission attributes unfortunately lack a small feature that would be quite useful: The "perm" parameter to the checking function provides the method and the path, but unfortunately not any URL parameters.
Indeed it has been suggested multiple times that $perm should be enhanced. In the latest snapshot, we have finally added the query parameters [1], and we may add some more properties. Your feedback is welcome; if it works as expected, we will revise the documentation. BaseX 11.6 will be released this week or in December.
With older versions of BaseX, you can use the request:parameter function to access query parameters [2].
Best, Christian
[1] https://files.basex.org/releases/latest/ [2] https://docs.basex.org/12/Request_Functions#request:parameter
In my case, I would like to remember the URL (including parameters) the user called before I redirect him to the authorization server to login, so I can afterward redirect him to the page he actually wanted. But in a more general context, I can imagine it would also be useful to do permission checks on the parameters, too. Or maybe I missed something?
Kind regards Jörn Willhöft
Hi Christian,
ah, thanks for the hint! I didn't think of the request-functions, but the request:query() does exactly what I need.
I am looking forward for the new release. Thank you and your team for your efforts and dedication!
Kind regards Jörn
Christian Grün christian.gruen@gmail.com hat am 26.11.2024 09:28 CET geschrieben:
Dear Jörn,
Thanks for sharing your OAuth2 implementation, very appreciated.
While working on this, I realized that BaseX' permission attributes unfortunately lack a small feature that would be quite useful: The "perm" parameter to the checking function provides the method and the path, but unfortunately not any URL parameters.
Indeed it has been suggested multiple times that $perm should be enhanced. In the latest snapshot, we have finally added the query parameters [1], and we may add some more properties. Your feedback is welcome; if it works as expected, we will revise the documentation. BaseX 11.6 will be released this week or in December. With older versions of BaseX, you can use the request:parameter function to access query parameters [2].
Best, Christian
[1] https://files.basex.org/releases/latest/ [2] https://docs.basex.org/12/Request_Functions#request:parameter
In my case, I would like to remember the URL (including parameters) the user called before I redirect him to the authorization server to login, so I can afterward redirect him to the page he actually wanted. But in a more general context, I can imagine it would also be useful to do permission checks on the parameters, too. Or maybe I missed something?
Kind regards Jörn Willhöft
Hi Jörn,
Thanks for sharing this. I looked at the code and was surprised and delighted to see you are using my docker image[1]. I have updated it for BaseX 11.6 and added a reference to your docker-compose as an example [2]. Hope that is ok.
/Andy
[1] https://github.com/Quodatum/basex-docker [2] https://github.com/Quodatum/basex-docker?tab=readme-ov-file#docker-compose
On Tue, 26 Nov 2024 at 10:19, Jörn Willhöft jwi@willhoeft-it.com wrote:
Hi Christian,
ah, thanks for the hint! I didn't think of the request-functions, but the request:query() does exactly what I need.
I am looking forward for the new release. Thank you and your team for your efforts and dedication!
Kind regards Jörn
Christian Grün christian.gruen@gmail.com hat am 26.11.2024 09:28 CET geschrieben:
Dear Jörn,
Thanks for sharing your OAuth2 implementation, very appreciated.
While working on this, I realized that BaseX' permission attributes unfortunately lack a small feature that would be quite useful: The "perm" parameter to the checking function provides the method and the path, but unfortunately not any URL parameters.
Indeed it has been suggested multiple times that $perm should be enhanced. In the latest snapshot, we have finally added the query parameters [1], and we may add some more properties. Your feedback is welcome; if it works as expected, we will revise the documentation. BaseX 11.6 will be released this week or in December. With older versions of BaseX, you can use the request:parameter function to access query parameters [2].
Best, Christian
[1] https://files.basex.org/releases/latest/ [2] https://docs.basex.org/12/Request_Functions#request:parameter
In my case, I would like to remember the URL (including parameters) the user called before I redirect him to the authorization server to login, so I can afterward redirect him to the page he actually wanted. But in a more general context, I can imagine it would also be useful to do permission checks on the parameters, too. Or maybe I missed something?
Kind regards Jörn Willhöft
Hi Andy,
yes, of course it's okay!
Since yours is the "most official" current BaseX image, it's hard to get around it without building your own. Thank you for maintaining it. I am looking forward to update soon.
Kind regards
Jörn
Andy Bunce bunce.andy@gmail.com hat am 05.12.2024 11:46 CET geschrieben:
Hi Jörn,
Thanks for sharing this. I looked at the code and was surprised and delighted to see you are using my docker image[1]. I have updated it for BaseX 11.6 and added a reference to your docker-compose as an example [2]. Hope that is ok.
/Andy
[1] https://github.com/Quodatum/basex-docker [2] https://github.com/Quodatum/basex-docker?tab=readme-ov-file#docker-compose
On Tue, 26 Nov 2024 at 10:19, Jörn Willhöft <jwi@willhoeft-it.com mailto:jwi@willhoeft-it.com> wrote:
Hi Christian,
ah, thanks for the hint! I didn't think of the request-functions, but the request:query() does exactly what I need.
I am looking forward for the new release. Thank you and your team for your efforts and dedication!
Kind regards Jörn
Christian Grün <christian.gruen@gmail.com mailto:christian.gruen@gmail.com> hat am 26.11.2024 09:28 CET geschrieben:
Dear Jörn,
Thanks for sharing your OAuth2 implementation, very appreciated.
While working on this, I realized that BaseX' permission attributes unfortunately lack a small feature that would be quite useful: The "perm" parameter to the checking function provides the method and the path, but unfortunately not any URL parameters.
Indeed it has been suggested multiple times that $perm should be enhanced. In the latest snapshot, we have finally added the query parameters [1], and we may add some more properties. Your feedback is welcome; if it works as expected, we will revise the documentation. BaseX 11.6 will be released this week or in December. With older versions of BaseX, you can use the request:parameter function to access query parameters [2].
Best, Christian
[1] https://files.basex.org/releases/latest/ [2] https://docs.basex.org/12/Request_Functions#request:parameter
In my case, I would like to remember the URL (including parameters) the user called before I redirect him to the authorization server to login, so I can afterward redirect him to the page he actually wanted. But in a more general context, I can imagine it would also be useful to do permission checks on the parameters, too. Or maybe I missed something?
Kind regards Jörn Willhöft
basex-talk@mailman.uni-konstanz.de
-
Andy Bunce -
Christian Grün -
Jörn Willhöft