rpc_auth

Configures the authentication feature. The authentication feature is only relevant for the server and defines how each call should be checked.

FieldsMandatoryDescription

access

✅ Yes

Requires the scope of the incoming JWT to match the value of this. If a call only reads data (no modification of state) then thevalue of this field should be AccessRight.READ. In all other cases it should be AccessRight.READ_WRITE.

roles

❌ No Default: Roles.END_USER

Sets a requirement for the role to be in this set

Options for Roles:

FieldDescription

AUTHENTICATED

Any authenticated principal (USER, ADMIN, SERVICE)

END_USER

Any authenticated end-user (USER, ADMIN)

PRIVILEGED

Any privileged user (ADMIN, SERVICE)

ADMIN

Only UCloud admins (ADMIN)

PUBLIC

Any principal (including unauthenticated)

Examples

Example: Minimal example

auth {
    // Use AccessRight.READ if the call is read only
    // otherwise use AccessRight.READ_WRITE
    access = AccessRight.READ
}

Example: Public endpoint

auth {
    access = AccessRight.READ
    roles = Roles.PUBLIC
}

Example: Privileged endpoint

auth {
    access = AccessRight.READ_WRITE
    roles = Roles.PRIVILEGED
}

Last updated