RPC Auth
Configures the authentication feature. The authentication feature is only relevant for the server and defines how each call should be checked.
Fields | Mandatory | Description |
---|---|---|
access | ✅ Yes | Requires the scope of the incoming JWT to match this value. If a call only reads data (no modification of state), the value of this field should be AccessRight.READ. In all other cases it should be AccessRight.READ_WRITE. |
roles | ❌ No. Default: Roles.END_USER | Requires the principal's role to be in this set. |
Options for Roles:
Field | Description |
---|---|
AUTHENTICATED | Any authenticated principal (USER, ADMIN, SERVICE) |
END_USER | Any authenticated end-user (USER, ADMIN) |
PRIVILEGED | Any privileged user (ADMIN, SERVICE) |
ADMIN | Only UCloud admins (ADMIN) |
PUBLIC | Any principal (including unauthenticated) |
PROVIDER | Any provider |
Examples
Example: Minimal example
auth {
    // Use AccessRight.READ if the call is read only
    // otherwise use AccessRight.READ_WRITE
    access = AccessRight.READ
}
Example: Public endpoint
auth {
    access = AccessRight.READ
    roles = Roles.PUBLIC
}
Example: Privileged endpoint
auth {
    access = AccessRight.READ_WRITE
    roles = Roles.PRIVILEGED
}
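
An added example, not part of the UCloud documentation or code base: a small Python reviewer script that parses `auth { ... }` blocks like the ones above, applies the documented default for `roles`, and flags blocks that omit the mandatory `access` field or combine `Roles.PUBLIC` with `AccessRight.READ_WRITE`. The function names, the regex-based parsing and the PUBLIC/READ_WRITE heuristic are assumptions made for illustration.

```python
import re

ACCESS_VALUES = {"AccessRight.READ", "AccessRight.READ_WRITE"}  # from this page
ROLE_SETS = {"AUTHENTICATED", "END_USER", "PRIVILEGED", "ADMIN", "PUBLIC", "PROVIDER"}
DEFAULT_ROLES = "Roles.END_USER"  # documented default when `roles` is omitted
AUTH_BLOCK = re.compile(r"\bauth\s*\{(.*?)\}", re.DOTALL)
ASSIGNMENT = re.compile(r"^\s*(\w+)\s*=\s*([\w.]+)\s*$")


def parse_auth_blocks(source):
    """Return one dict of field -> value per `auth { ... }` block, defaults applied."""
    blocks = []
    for match in AUTH_BLOCK.finditer(source):
        fields = {}
        for line in match.group(1).splitlines():
            m = ASSIGNMENT.match(line.split("//", 1)[0])  # ignore trailing comments
            if m:
                fields[m.group(1)] = m.group(2)
        fields.setdefault("roles", DEFAULT_ROLES)
        blocks.append(fields)
    return blocks


def review(fields):
    """Return reviewer findings for one parsed auth block (hypothetical helper)."""
    findings = []
    access = fields.get("access")
    if access is None:
        findings.append("missing mandatory field: access")
    elif access not in ACCESS_VALUES:
        findings.append(f"unknown access value: {access}")
    role = fields["roles"].removeprefix("Roles.")
    if role not in ROLE_SETS:
        findings.append(f"unknown role set: {fields['roles']}")
    # Reviewer heuristic (an assumption, not a UCloud rule): a state-changing
    # call open to unauthenticated principals deserves a manual look.
    if role == "PUBLIC" and access == "AccessRight.READ_WRITE":
        findings.append("READ_WRITE call reachable without authentication")
    return findings


# Constructed sample input: three call definitions written in the page's DSL.
SAMPLE = """auth { access = AccessRight.READ }
auth {
    access = AccessRight.READ_WRITE // modifies state
    roles = Roles.PUBLIC
}
auth { roles = Roles.PRIVILEGED }
"""
```
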