Replace auth account.Namespace with account.Scopes

util/auth/auth.go

@@ -18,17 +18,19 @@ func Generate(id string, name string, a auth.Auth) error {
 	// if no credentials were provided, generate an account
 	if len(accID) == 0 || len(accSecret) == 0 {
 		name := fmt.Sprintf("%v-%v", name, id)
+		scope := "namespace." + a.Options().Namespace
+
 		opts := []auth.GenerateOption{
 			auth.WithType("service"),
 			auth.WithRoles("service"),
-			auth.WithNamespace(a.Options().Namespace),
+			auth.WithScopes(scope),
 		}
 
 		acc, err := a.Generate(name, opts...)
 		if err != nil {
 			return err
 		}
-		logger.Infof("Auth [%v] Authenticated as %v in the %v namespace", a, name, acc.Namespace)
+		logger.Infof("Auth [%v] Authenticated as %v in the %v scope", a, name, scope)
 
 		accID = acc.ID
 		accSecret = acc.Secret

util/file/proto/file.pb.micro.go

@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
-// source: micro/go-micro/util/file/proto/file.proto
+// source: util/file/proto/file.proto
 
 package go_micro_server
 

util/wrapper/wrapper.go

@@ -197,10 +197,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			}
 
 			// Inspect the token and get the account
-			account, err := a.Inspect(token)
-			if err != nil {
-				account = &auth.Account{Namespace: a.Options().Namespace}
-			}
+			account, _ := a.Inspect(token)
 
 			// construct the resource
 			res := &auth.Resource{
@@ -210,7 +207,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			}
 
 			// Verify the caller has access to the resource
-			err = a.Verify(account, res)
+			err := a.Verify(account, res)
 			if err != nil && len(account.ID) > 0 {
 				return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
 			} else if err != nil {