Authorizer Client
AuthorizerClient
. It can be used on its own to make authorization calls or, more commonly, it can be used to create authorization middleware.
Create a Client
import (
"github.com/aserto-dev/aserto-go/authorizer/grpc"
"github.com/aserto-dev/aserto-go/client"
)
...
authClient, err := grpc.New(
context.Background(),
client.WithAddr("localhost:8282"),
client.WithInsecure(true),
)
Make Authorization Calls
Using an authorizer client we can call the Is()
API to check if a user is authorized
to perform an operation.
import (
"fmt"
"github.com/aserto-dev/aserto-go/authorizer/grpc"
"github.com/aserto-dev/aserto-go/authorizer/http"
"github.com/aserto-dev/aserto-go/client"
authz "github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api"
)
...
clientAuthz, err := grpc.New(
context.Background(),
client.WithAddr("localhost:8282"),
client.WithInsecure(true),
)
if err != nil {
panic(err)
}
result, err := clientAuthz.Is(context.Background(), &authz.IsRequest{
PolicyContext: &api.PolicyContext{
Path: "peoplefinder.GET.api.users.__id",
Decisions: []string{"allowed"},
},
IdentityContext: &api.IdentityContext{
Identity: "euang@acmecorp.com",
Type: api.IdentityType_IDENTITY_TYPE_SUB,
},
})
// Check the authorizer's decision.
for _, decision := range result.Decisions {
if decision.Decision == "allowed" {
if decision.Is {
fmt.Println("Access granted")
} else {
fmt.Println("Access denied")
}
}
}
We can similarly call the DecisionTree()
and
Query()
APIs.