The library implements core abstractions that can be used to authorize access to web APIs implemented in Giraffe or Suave with Azure Active Directory, as well as primitives to implement authorization for other servers.
A user, a service principal (AD Enterprise Application) or a client (AD Application) acting on behalf of a user.
Suave or Giraffe server hosting the HTTP endpoints.
A role is a computed value based on the scope in the request for a token and returned by AD as a claim in the token.
It can be an AD Role (role claim), an AD Application role (roles claim) or a plain scp scope - all of them will be evaluated by default.
WebPart that implements the validation
PartProtector asks for demands given the context of the request
Demand is a recursive data structure, a simple single value can be captured in a
PartProtector checks the token and if matches the claims to the demands
WebPart for the error
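To show how role values drawn from the role, roles and scp claims can be checked against a recursive demand, here is an added sketch that is not the library's own code. The Demand cases (Require, AnyOf, AllOf), the functions rolesOf and satisfies, and the sample claims are all hypothetical names and constructed data.

```fsharp
// Hypothetical model for illustration only; not the library's definitions.
type Demand =
    | Require of string      // a single role or scope value
    | AnyOf of Demand list   // satisfied when at least one branch is
    | AllOf of Demand list   // satisfied only when every branch is

/// Claim types that carry role values, as listed in the text above.
let roleClaimTypes = set [ "role"; "roles"; "scp" ]

/// Collect role values from already-validated (claimType, value) pairs.
/// Azure AD issues scp as one space-delimited string, so it is split here.
let rolesOf (claims: (string * string) list) : Set<string> =
    claims
    |> List.filter (fun (t, _) -> roleClaimTypes.Contains t)
    |> List.collect (fun (t, v) ->
        if t = "scp" then
            v.Split([| ' ' |], System.StringSplitOptions.RemoveEmptyEntries)
            |> List.ofArray
        else
            [ v ])
    |> Set.ofList

/// Evaluate a demand against the caller's role values.
let rec satisfies (roles: Set<string>) (demand: Demand) : bool =
    match demand with
    | Require r -> roles.Contains r
    // Fail closed: List.forall returns true on an empty list, which would
    // turn an accidentally empty AllOf into "allow everyone".
    | AnyOf [] | AllOf [] -> false
    | AnyOf ds -> List.exists (satisfies roles) ds
    | AllOf ds -> List.forall (satisfies roles) ds

// Constructed claims: a delegated (user) token and an app-only token.
let userClaims = [ "scp", "Items.Read Items.Write"; "aud", "api://example" ]
let appClaims = [ "roles", "Items.Read"; "aud", "api://example" ]

// Read access plus either write or admin rights.
let demand =
    AllOf [ Require "Items.Read"
            AnyOf [ Require "Items.Write"; Require "Items.Admin" ] ]

printfn "user token allowed: %b" (satisfies (rolesOf userClaims) demand)
printfn "app token allowed: %b" (satisfies (rolesOf appClaims) demand)
printfn "empty demand allowed: %b" (satisfies (rolesOf userClaims) (AllOf []))
```

The sketch assumes the token's signature, issuer, audience and lifetime have already been validated; claims from an unvalidated token must never reach this check.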
For the Giraffe example walkthrough see the sample.
The library is available under the MIT license, which allows modification and redistribution for both commercial and non-commercial purposes. For more information see the License file in the GitHub repository.