With BaseX 12 (and, unofficially, with BaseX 11.6), both the query parameters and the HTTP request headers can now be accessed via the permission variable [1]. For all further request values, the Request Module can be used.

[1] https://docs.basex.org/12/Permissions#checking_permissions

On Tue, Nov 26, 2024 at 9:28 AM Christian Grün <christian.gruen@gmail.com> wrote:

Dear Jörn,

Thanks for sharing your OAuth2 implementation, very appreciated.

While working on this, I realized that BaseX' permission attributes unfortunately lack a small feature that would be quite useful: The "perm" parameter to the checking function provides the method and the path, but unfortunately not any URL parameters.

Indeed it has been suggested multiple times that $perm should be enhanced. In the latest snapshot, we have finally added the query parameters [1], and we may add some more properties. Your feedback is welcome; if it works as expected, we will revise the documentation. BaseX 11.6 will be released this week or in December.

With older versions of BaseX, you can use the request:parameter function to access query parameters [2].

Best,
Christian

[1] https://files.basex.org/releases/latest/
[2] https://docs.basex.org/12/Request_Functions#request:parameter

In my case, I would like to remember the URL (including parameters) the user called before I redirect him to the authorization server to login, so I can afterward redirect him to the page he actually wanted.

But in a more general context, I can imagine it would also be useful to do permission checks on the parameters, too. Or maybe I missed something?

Kind regards

Jörn Willhöft