Authorizer Client

AuthorizerClient. It can be used on its own to make authorization calls or, more commonly, it can be used to create authorization middleware.

Create a Client

import (
	"github.com/aserto-dev/go-aserto"
	"github.com/aserto-dev/go-aserto/az"
)

...

azClient, err := az.New(
	aserto.WithAddr("localhost:8282"),
	aserto.WithInsecure(true),
)

Make Authorization Calls

Using an authorizer client we can call the Is() API to check if a user is authorized to perform an operation.

import (
	"context"
	"fmt"
	"log"

	"google.golang.org/protobuf/types/known/structpb"

	"github.com/aserto-dev/go-aserto"
	"github.com/aserto-dev/go-aserto/az"
	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api"
)

...
azClient, err := az.New(
	aserto.WithAddr("localhost:8282"),
	aserto.WithInsecure(true),
)
if err != nil {
	log.Fatalf("failed to create authorizer client: %v", err)
}
defer azClient.Close()

// Information about the resource being accessed can be sent
// to the authorizer as a JSON object.
resource, err := structpb.NewStruct(map[string]any{
	"id": "aprils@acmecorp.com",
})
if err != nil {
	log.Fatalf("failed to create resource: %v", err)
}

result, err := azClient.Is(context.Background(), &authorizer.IsRequest{
	PolicyContext: &api.PolicyContext{
		Path:      "peoplefinder.PUT.api.users.__id",
		Decisions: []string{"allowed"},
	},
	IdentityContext: &api.IdentityContext{
		Identity: "euang@acmecorp.com",
		Type:	 api.IdentityType_IDENTITY_TYPE_SUB,
	},
	ResourceContext: resource,
})

// Check the authorizer's decision.
for _, decision := range result.Decisions {
	if decision.Decision == "allowed" {
		if decision.Is {
			fmt.Println("Access granted")
		} else {
			fmt.Println("Access denied")
		}
	}
}

We can similarly call the DecisionTree() and Query() APIs.

Create a Client​

Make Authorization Calls​

Create a Client

Make Authorization Calls