
I have a Spring Boot API that I managed to secure with OAuth2 and Google. I have something similar to this: Rest, Spring own OAuth2 server + OAuth2 providers like Facebook, Google, Yahoo

Everything works as expected.

My question is the following: how can I now limit the access to certain users (not every Google user)? This sounds like the authorization part to me. I'm not sure where to start as I'm a beginner in all this.

Thanks for any help or pointer.

  • Just to clarify, you want to limit the access to everyone except Google users? – Alien Oct 08 '17 at 06:16
  • Not really. Now I have every Google user able to access/use the API. What I want is to limit the access to certain Google users based on something from their profile (let's say their last name for example) – salviialex Oct 08 '17 at 21:42

1 Answer

To the best of my knowledge, if you want to limit access to an API based on a user's last name (going by your example) I will set up a sample scenario of something I might do.

Say for instance I have an API with an endpoint such as /api/family?lastname=doe and the purpose of this API is to return a list of people with the same last name as "doe" in this case. The API will only return a result if the last name provided in the parameter is equal to the current authorized user's last name.

So maybe I'd have an API set up as follows:

@RequestMapping(value="/api/family", method = RequestMethod.GET)
@ResponseBody
public List<Member> findFamilyMembersByLastName(@RequestParam(value="lastname", required=true) String lastName) {

      // Set up a method that is able to get the current logged in user
      User authorizedUser = getCurrentUser();
      if (!authorizedUser.getLastName().equals(lastName)) {
         // Throw some kind of exception here, e.g. Spring Security's AccessDeniedException
         throw new AccessDeniedException("lastname does not match the current user");
      }
      // Otherwise perform a query to find a list of Members with last name and return them
      return memberRepository.findByLastName(lastName); // memberRepository is a hypothetical repository

}
Alien
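For the "only certain Google users" requirement in the question, the decision is usually made against an allowlist keyed on the account's `sub` (Google's stable account ID) or its verified email, because a last name is not unique and can be edited by the account holder. The following is an added example, not code from the question or the answer; it assumes the logged-in user's OpenID Connect claims (`sub`, `email`, `email_verified`, `family_name`) are available as a map, and the class name and all sample values are constructed.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Added example: allowlist check over the claims returned for the logged-in Google user. */
public class GoogleUserAllowlist {

    private final Set<String> allowedSubjects; // "sub" claim: stable per-account identifier
    private final Set<String> allowedEmails;   // stored lower-cased

    public GoogleUserAllowlist(Set<String> allowedSubjects, Set<String> allowedEmails) {
        this.allowedSubjects = Set.copyOf(allowedSubjects);
        this.allowedEmails = Set.copyOf(allowedEmails);
    }

    /** Returns true only if the claims identify an allowlisted account. */
    public boolean isAllowed(Map<String, Object> claims) {
        if (claims == null) {
            return false;
        }
        Object sub = claims.get("sub");
        if (sub instanceof String && allowedSubjects.contains(sub)) {
            return true;
        }
        // Fall back to the email address only when the provider marks it as verified.
        Object email = claims.get("email");
        boolean verified = Boolean.TRUE.equals(claims.get("email_verified"));
        return verified && email instanceof String
                && allowedEmails.contains(((String) email).toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample data; a real service would load the allowlist from configuration.
        GoogleUserAllowlist policy = new GoogleUserAllowlist(
                Set.of("110000000000000000001"), Set.of("jane.doe@example.com"));
        Map<String, Object> listed = Map.of("sub", "119999999999999999999",
                "email", "Jane.Doe@example.com", "email_verified", true, "family_name", "Doe");
        Map<String, Object> sameLastName = Map.of("sub", "118888888888888888888",
                "email", "john.doe@example.org", "email_verified", true, "family_name", "Doe");
        Map<String, Object> unverified = Map.of("sub", "117777777777777777777",
                "email", "jane.doe@example.com", "email_verified", false);
        System.out.println("listed, verified email:       " + policy.isAllowed(listed));
        System.out.println("same last name, not listed:   " + policy.isAllowed(sameLastName));
        System.out.println("listed email, not verified:   " + policy.isAllowed(unverified));
    }
}
```

A check like this belongs at login or in a filter that runs before any controller, so that accounts outside the allowlist are rejected once rather than in every endpoint.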