-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'develop' into bug/1700-unstable-test-should-reload-conf…
…ig-on-change
- Loading branch information
Showing
20 changed files
with
124 additions
and
78 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,12 @@ | ||
Authorization | ||
============= | ||
|
||
Ocelot supports claims based authorization which is run post authentication. This means if you have a route you want to authorize you can add the following to you Route configuration. | ||
Ocelot supports claims based authorization which is run post authentication. This means if you have a route you want to authorize you can add the following to your Route configuration. | ||
|
||
.. code-block:: json | ||
"RouteClaimsRequirement": { | ||
"UserType": "registered" | ||
} | ||
In this example when the authorization middleware is called Ocelot will check to seeif the user has the claim type UserType and if the value of that claim is registered. If it isn't then the user will not be authorized and the response will be 403 forbidden. | ||
|
||
|
||
|
||
In this example when the authorization middleware is called Ocelot will check to see if the user has the claim type UserType and if the value of that claim is registered. If it isn't then the user will not be authorized and the response will be 403 forbidden. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,19 @@ | ||
Http Error Status Codes | ||
HTTP Error Status Codes | ||
======================= | ||
|
||
Ocelot will return HTTP status error codes based on internal logic in certain siturations: | ||
- 401 if the authentication middleware runs and the user is not authenticated. | ||
- 403 if the authorization middleware runs and the user is unauthenticated, claim value not authroised, scope not authorized, user doesnt have required claim or cannot find claim. | ||
- 503 if the downstream request times out. | ||
- 499 if the request is cancelled by the client. | ||
- 404 if unable to find a downstream route. | ||
- 502 if unable to connect to downstream service. | ||
- 500 if unable to complete the HTTP request downstream and the exception is not OperationCanceledException or HttpRequestException. | ||
- 404 if Ocelot is unable to map an internal error code to a HTTP status code. | ||
Ocelot will return HTTP status error codes based on internal logic in certain situations: | ||
|
||
Client error responses | ||
---------------------- | ||
|
||
- **401** - if the authentication middleware runs and the user is not authenticated. | ||
- **403** - if the authorization middleware runs and the user is unauthenticated, claim value not authorized, scope not authorized, user doesn't have required claim, or cannot find claim. | ||
- **404** - if unable to find a downstream route, or Ocelot is unable to map an internal error code to a HTTP status code. | ||
- **499** - if the request is cancelled by the client. | ||
|
||
Server error responses | ||
---------------------- | ||
|
||
- **500** - if unable to complete the HTTP request to downstream service, and the exception is not ``OperationCanceledException`` or ``HttpRequestException``. | ||
- **502** - if unable to connect to downstream service. | ||
- **503** - if the downstream request times out. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.