Access policy sketch notes

Look at public API access middleware

Harden the access policy authorization calls main

Understand how main is used for access policy getValidatedAccessPolicyIfPolicyStringIsValidAndIsAuthorizedAsync

Do we need a flag like api access middleware? Everything you can share externally is based on access policy

Maybe we can deprecate this for internal requests (not going to do this right now)

Use cases: Shares, workflows, blocks, syncs

Generation side

• public share: AccessPolicyAuthorizationType.PUBLIC_SHARE

• support panel: AccessPolicyAuthorizationType.SUPPORT_PANEL

  Consumption side

• publicApiAccessMiddleware

  • https://github.com/Hyperbase/hyperbase/blob/main/web_service/middleware/public_api_access_middleware.tsx#L229 - this doesn’t have to do with access policy, but could be made resilient (it has to do with legacy auth)
  • if (oauthAccessTokenUtil.isAccessToken(token)): https://github.com/Hyperbase/hyperbase/blob/main/web_service/middleware/public_api_access_middleware.tsx#L297 I don’t know what this is for, but is also not currently resilient.

• ensureAccessPolicyOrLoggedInMiddleware

  • getAuthenticatedUserIdStrategyAndValidatedAccessPolicyAsync

Things that need to be

---

uid: 202212201536 tags: #airtable

---

---

---