auth.create
0.000001

Creates an authorization, providing fine-grained access control to end-users.

Arguments
abilities (required)
An array of endpoints the authorization is allowed to access.
insecure
When `true`, allows insecure authorizations to be created. Defaults to `false`.
expiry
When the authorization expires, given as a timestamp.
ttl
The number of seconds until the authorization expires.
Return Value
The created authorization, limited to the given abilities.

Unlike secrets, which offer unrestricted access to an account, authorizations are restricted to the abilities they are created with. Authorizations can also be created with a ttl or expiry, making them useless after a point in time.

Generally speaking, authorizations provide a more secure usage model for Proc. In most cases, secrets should only be used to create authorizations with specific abilities. These limited authorizations are then safe to distribute to clients where they might become visible to an end-user, such as in a web browser.

Authorizations are created with one or more abilities that define the scope of access. For example, creating an authorization with abilities of ["type"] grants access to all procs defined in the type package.

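Creating and using an authorization

Ruby:

```ruby
require "proc"

# PROCAUTH is a placeholder for the account secret.
client = Proc.connect("PROCAUTH")

# Create an authorization restricted to the type package.
authorization = client.auth.create.call(
  abilities: ["type"]
)

# Connect with the restricted authorization instead of the secret.
Proc.connect(authorization)["type.string.reverse"].call(
  "hello"
)
```

JavaScript:

```javascript
const Proc = require("@proc.dev/client");

// PROCAUTH is a placeholder for the account secret.
const client = Proc.connect("PROCAUTH");

// await is not valid at the top level of a CommonJS module, so wrap the calls.
(async () => {
  // Create an authorization restricted to the type package.
  let authorization = await client.auth.create.call(
    null, {abilities: ["type"]}
  );

  // Connect with the restricted authorization instead of the secret.
  await Proc.connect(authorization)["type.string.reverse"].call("hello");
})();
```

Shell:

```shell
# PROCAUTH is a placeholder for the account secret.
authorization=PROCAUTH

# Exchange the secret for an authorization restricted to the type package.
authorization=$(curl https://proc.run/auth/create --silent \
--header "authorization: bearer $authorization" \
--header "content-type: application/vnd.proc+json" \
--header "accept: text/plain" \
--data '[["$$", "abilities", ["type"]]]')

# Call a proc with the restricted authorization.
curl "https://proc.run/type/string/reverse" --silent \
--header "authorization: bearer $authorization" \
--header "content-type: text/plain" \
--data 'hello'
```

Result:

olleh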

Proc returns an error if the authorization attempts to call a proc it has not been authorized to call.

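Using an authorization outside of its ability

Ruby:

```ruby
require "proc"

# PROCAUTH is a placeholder for the account secret.
client = Proc.connect("PROCAUTH")

# The authorization only covers the type package.
authorization = client.auth.create.call(
  abilities: ["type"]
)

# keyv.get is outside the granted abilities, so this call is rejected.
Proc.connect(authorization)["keyv.get"].call(
  "some_key"
)
```

JavaScript:

```javascript
const Proc = require("@proc.dev/client");

// PROCAUTH is a placeholder for the account secret.
const client = Proc.connect("PROCAUTH");

// await is not valid at the top level of a CommonJS module, so wrap the calls.
(async () => {
  // The authorization only covers the type package.
  let authorization = await client.auth.create.call(
    null, {abilities: ["type"]}
  );

  // keyv.get is outside the granted abilities, so this call is rejected.
  await Proc.connect(authorization).keyv.get.call(
    "some_key"
  );
})();
```

Shell:

```shell
# PROCAUTH is a placeholder for the account secret.
authorization=PROCAUTH

# Exchange the secret for an authorization restricted to the type package.
authorization=$(curl https://proc.run/auth/create --silent \
--header "authorization: bearer $authorization" \
--header "content-type: application/vnd.proc+json" \
--header "accept: text/plain" \
--data '[["$$", "abilities", ["type"]]]')

# keyv/get is outside the granted abilities, so this call is rejected.
curl "https://proc.run/keyv/get" --silent \
--header "authorization: bearer $authorization" \
--header "content-type: text/plain" \
--data 'some_key'
```

Result:

authorization does not have the ability to access proc keyv.get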

There's more to authorizations than can be covered here—learn about advanced usage in the docs.

Insecure Authorizations

Granting certain abilities can lead to insecure use of Proc. Since there's a bit of nuance to these use-cases, attempts to create an insecure authorization will return an error by default. You can override this behavior by passing the insecure argument with a value of true when calling auth.create.
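
As an added example (not from the Proc documentation or client library), one way a server could apply this guidance before handing an authorization to a browser: delegate only pre-approved abilities, cap the ttl, and never send insecure. ALLOWED_ABILITIES, MAX_TTL_SECONDS and buildAuthCreateRequest are hypothetical names, and the ttl tuple in the body is assumed to take the same form as the abilities tuple in the curl example.

```javascript
// Added example: guardrails applied before calling auth.create for a client.
// ALLOWED_ABILITIES, MAX_TTL_SECONDS and buildAuthCreateRequest are hypothetical.
const ALLOWED_ABILITIES = new Set(["type"]); // abilities this app may delegate
const MAX_TTL_SECONDS = 900;                 // assumed policy: 15-minute ceiling

function buildAuthCreateRequest(secret, { abilities, ttl }) {
  if (!Array.isArray(abilities) || abilities.length === 0) {
    throw new Error("abilities is required and must be a non-empty array");
  }
  for (const ability of abilities) {
    if (!ALLOWED_ABILITIES.has(ability)) {
      throw new Error(`ability not delegable to clients: ${ability}`);
    }
  }
  if (!Number.isInteger(ttl) || ttl <= 0 || ttl > MAX_TTL_SECONDS) {
    throw new Error(`ttl must be an integer between 1 and ${MAX_TTL_SECONDS}`);
  }
  // Same endpoint, headers and body shape as the curl example on this page.
  // The ttl tuple mirrors the abilities tuple (assumption). `insecure` is
  // never sent, so the documented default of false applies.
  return {
    url: "https://proc.run/auth/create",
    method: "POST",
    headers: {
      "authorization": `bearer ${secret}`,
      "content-type": "application/vnd.proc+json",
      "accept": "text/plain",
    },
    body: JSON.stringify([
      ["$$", "abilities", [...abilities]],
      ["$$", "ttl", ttl],
    ]),
  };
}

// Constructed sample input; PROCAUTH is the page's placeholder secret.
const request = buildAuthCreateRequest("PROCAUTH", { abilities: ["type"], ttl: 300 });
console.log(request.body);
```

The returned object can be passed to any HTTP client on the server; the secret stays server-side and only the resulting authorization is sent to the browser.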

