I try to set up a Golang auth middleware to extract user id from the authorization header which works as expected. but I’d like to know how to set up policies on the users instead of token/key.
for example, one user specified by user id can only access an API in an hour?
Hello @co_nullne Tyk does not support applying policies to users. However, the way this is typically done is through having a 1 to 1 relationship between keys and users.
keys should be created at first in TYK. what I am trying to do is more like JWT which apply polices on sub extracted from the token. sub doesn’t need to be created ahead. I try to write a plugin to achieve this