I am developing a Spring Boot REST API. This API exposes a "/verify" endpoint to validate the token and the access to a certain resource. In FusionAuth I have roles attached to my users. So is there a method to validate if the user has that role so I can let them pass?
In FusionAuth, the access token is a JWT, which contains a JSON payload like this:
{
  "applicationId": "3c219e58-ed0e-4b18-ad48-f4f92793ae32",
  // ...
  "roles": [
    "necessary_role",
    "other_role"
  ],
  // ...
}
To get that JSON out of the JWT, you can decode it yourself or pass it to one of a few FusionAuth endpoints that will return readable JSON:
/oauth2/introspect
/oauth2/userinfo
/api/jwt/validate
Once you have readable JSON, you just need to examine the roles array for the role in question:
if (jwt.roles.contains("necessary_role")) {
    // handle user with necessary_role
} else {
    // handle user without necessary_role
}
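For the "decode it yourself" option mentioned in the answer above, the roles array should only be trusted after the token's signature and expiry have been checked. This is an added example, not code from the original answer or from FusionAuth: it assumes the token is signed with HS256 and a shared secret, that Jackson is on the classpath (as in a typical Spring Boot application), and the RoleCheck class, hasRole method and demo secret are hypothetical names and constructed values.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
public class RoleCheck {
    private static final ObjectMapper JSON = new ObjectMapper();

    // True only for an HS256 JWT with a valid signature, not expired, whose "roles" contain requiredRole.
    static boolean hasRole(String token, byte[] secret, String requiredRole) {
        try {
            String[] parts = token.split("\\.");
            if (parts.length != 3) return false;
            Base64.Decoder b64 = Base64.getUrlDecoder();
            JsonNode header = JSON.readTree(b64.decode(parts[0]));
            // Pin the expected algorithm (assumed HS256); never let the token pick it.
            if (!"HS256".equals(header.path("alg").asText())) return false;
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            // Constant-time comparison of the computed and presented signatures.
            if (!MessageDigest.isEqual(expected, b64.decode(parts[2]))) return false;
            JsonNode claims = JSON.readTree(b64.decode(parts[1]));
            if (claims.path("exp").asLong(0) <= Instant.now().getEpochSecond()) return false;
            for (JsonNode role : claims.path("roles")) {
                if (requiredRole.equals(role.asText())) return true;
            }
            return false;
        } catch (Exception e) {
            return false; // malformed token or JSON: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed value
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String head = enc.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString(("{\"exp\":" + (Instant.now().getEpochSecond() + 300)
                + ",\"roles\":[\"necessary_role\",\"other_role\"]}").getBytes(StandardCharsets.UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        String sig = enc.encodeToString(mac.doFinal((head + "." + body).getBytes(StandardCharsets.US_ASCII)));
        System.out.println(hasRole(head + "." + body + "." + sig, secret, "necessary_role")); // correctly signed token
        System.out.println(hasRole(head + "." + body + ".AAAA", secret, "necessary_role"));   // tampered signature
    }
}
```

If the application signs tokens with an asymmetric key instead, the HMAC step does not apply; the signature has to be verified against the issuer's public key, or the token passed to one of the endpoints listed in the answer.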