Hi all,
I recently implemented a small OAuth2 / OpenID permission check library in XQuery, complete with a small example page and a docker compose setup, including an identity provider (FusionAuth in this case). I saw this popped up once or twice on the mailing list, but I could not make much use of the provided code, so I hope this might be of interest to anybody.
The example project is available on Github: https://github.com/willhoeft-it/basex-oauth2 I would be glad to hear about any opinions or get some feedback.
While working on this, I realized that BaseX' permission attributes unfortunately lack a small feature that would be quite useful: The "perm" parameter to the checking function provides the method and the path, but unfortunately not any URL parameters. In my case, I would like to remember the URL (including parameters) the user called before I redirect him to the authorization server to login, so I can afterward redirect him to the page he actually wanted. But in a more general context, I can imagine it would also be useful to do permission checks on the parameters, too. Or maybe I missed something?
Kind regards Jörn Willhöft