Authorizer Client

AuthorizerClient. It can be used on its own to make authorization calls or, more commonly, it can be used to create authorization middleware.

Create a Client

import (
    "github.com/aserto-dev/aserto-go/authorizer/grpc"
    "github.com/aserto-dev/aserto-go/client"
)

...

authClient, err := grpc.New(
  context.Background(),
    client.WithAddr("localhost:8282"),
    client.WithInsecure(true),
)

Make Authorization Calls

Using an authorizer client we can call the Is() API to check if a user is authorized to perform an operation.

import (
    "fmt"

    "github.com/aserto-dev/aserto-go/authorizer/grpc"
    "github.com/aserto-dev/aserto-go/authorizer/http"
    "github.com/aserto-dev/aserto-go/client"
    authz "github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
    "github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api"
)

...
clientAuthz, err := grpc.New(
    context.Background(),
    client.WithAddr("localhost:8282"),
    client.WithInsecure(true),
)
if err != nil {
    panic(err)
}

result, err := clientAuthz.Is(context.Background(), &authz.IsRequest{
    PolicyContext: &api.PolicyContext{
        Path:      "peoplefinder.GET.api.users.__id",
        Decisions: []string{"allowed"},
    },
    IdentityContext: &api.IdentityContext{
        Identity: "euang@acmecorp.com",
        Type:     api.IdentityType_IDENTITY_TYPE_SUB,
    },
})

// Check the authorizer's decision.
for _, decision := range result.Decisions {
    if decision.Decision == "allowed" {
        if decision.Is {
            fmt.Println("Access granted")
        } else {
            fmt.Println("Access denied")
        }
    }
}

We can similarly call the DecisionTree() and Query() APIs.

Authorizer Client

Create a Client​

Make Authorization Calls​

Create a Client

Make Authorization Calls