Wanderland Core: Authorization

Scope-based authorization. The capability model with two axes: roles (ceiling) and scopes (floor).

The Model

• Roles are the ceiling — the maximum set of capabilities an identity could be granted. Defined on the identity by the IDP.
• Scopes are the floor — the minimum set of capabilities required to perform a specific operation. Defined on the boundary.
• At token issuance (IDP#issue), requested scopes are validated against roles. You cannot request a scope your roles don't permit.
• At authorization time (here), held scopes are checked against required scopes. You cannot proceed without the scopes the operation demands.

The Check

required.all? { |s| held.include?(s) }

The caller must hold every required scope. Having :read but missing :sign when both are required is a denial. Any gap raises Authorization::Denied with both lists for audit.

Every authorization check — granted or denied — is recorded on the active trace span.

Source File

wanderland-core/lib/wanderland/authorization.rb