pub fn validate_and_resolve_user_attribution_grpc(
    metadata: &MetadataMap,
) -> Result<UserAttribution, Box<Status>>
Validate and resolve user attribution from gRPC metadata
This function prevents user impersonation by validating x-user-id and x-user-email headers against the authenticated user’s identity:
- OIDC user tokens: User identity MUST match token claims (no impersonation allowed)
- API keys/service accounts: Can act on behalf of users (delegation allowed)
- Unauthenticated requests: Pass through client-provided attribution
Header values support percent-encoded UTF-8 for international characters. Invalid headers are handled gracefully with logging.
Arguments
metadata - gRPC metadata map (tonic::metadata::MetadataMap) containing authentication and attribution headers
Returns
Returns Ok(UserAttribution) containing:
- user_id: The resolved user identifier
- user_email: The resolved user email
- user_name: The display name from the x-user-name header (if provided)
- service_account: Some(name) when delegation is being used, None otherwise
Errors
Returns Err(Box<Status::PermissionDenied>) if an OIDC user attempts to impersonate another user.
Example
use micromegas_auth::user_attribution::validate_and_resolve_user_attribution_grpc;
use tonic::metadata::MetadataMap;
let mut metadata = MetadataMap::new();
// Authenticated identity of the caller; delegation disabled is the OIDC user-token case,
// so client-provided attribution must match this identity.
metadata.insert("x-auth-subject", "alice@example.com".parse().unwrap());
metadata.insert("x-auth-email", "alice@example.com".parse().unwrap());
metadata.insert("x-allow-delegation", "false".parse().unwrap());
// Client-provided attribution: matches the authenticated subject, so no impersonation.
metadata.insert("x-user-id", "alice@example.com".parse().unwrap());
let result = validate_and_resolve_user_attribution_grpc(&metadata);
assert!(result.is_ok());
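The three cases described above, as an added illustrative model that is not the micromegas_auth implementation: it replays the same policy over a plain HashMap so it runs without tonic, with Err(String) standing in for Status::PermissionDenied. Assumed here: a delegating caller that sends no x-user-id is attributed to its own x-auth-subject, that subject is what is reported as the service account name, and undecodable header values are logged and then treated as absent.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub struct UserAttribution {
    pub user_id: String,
    pub user_email: String,
    pub user_name: Option<String>,
    pub service_account: Option<String>,
}

/// Decode percent-encoded UTF-8 (e.g. "Jos%C3%A9" -> "José"); malformed input yields None.
pub fn percent_decode(s: &str) -> Option<String> {
    let (b, mut out, mut i) = (s.as_bytes(), Vec::new(), 0);
    while i < b.len() {
        if b[i] == b'%' {
            let hex = std::str::from_utf8(b.get(i + 1..i + 3)?).ok()?;
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(b[i]);
            i += 1;
        }
    }
    String::from_utf8(out).ok()
}

/// Resolve attribution; Err(String) models Status::PermissionDenied (illustrative, not the crate's code).
pub fn resolve(h: &HashMap<&str, &str>) -> Result<UserAttribution, String> {
    // Assumption: a header that fails to decode is logged and ignored rather than rejected.
    let get = |k: &str| h.get(k).and_then(|v| {
        percent_decode(v).or_else(|| { eprintln!("ignoring malformed header {k}"); None })
    });
    let (user_id, user_email, user_name) = (get("x-user-id"), get("x-user-email"), get("x-user-name"));
    let Some(subject) = get("x-auth-subject") else {
        // Unauthenticated request: pass the client-provided attribution through.
        return Ok(UserAttribution { user_id: user_id.unwrap_or_default(), user_email: user_email.unwrap_or_default(), user_name, service_account: None });
    };
    let auth_email = get("x-auth-email").unwrap_or_default();
    if h.get("x-allow-delegation") == Some(&"true") {
        // API key / service account: may act on behalf of the attributed user (assumed fallback: itself).
        return Ok(UserAttribution { user_id: user_id.unwrap_or(subject.clone()), user_email: user_email.unwrap_or(auth_email), user_name, service_account: Some(subject) });
    }
    // OIDC user token: attribution headers that differ from the token identity are impersonation.
    if user_id.as_deref().map_or(false, |u| u != subject.as_str()) || user_email.as_deref().map_or(false, |e| e != auth_email.as_str()) {
        return Err(format!("permission denied: {subject} may not act as another user"));
    }
    Ok(UserAttribution { user_id: subject, user_email: auth_email, user_name, service_account: None })
}
```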