Skip to main content

Authorizer Client

AuthorizerClient is an abstraction over the raw grpc bindings that talks to the Aserto authorization API. It can be used to make authorization calls, or to create authorization middleware.


The code is available as a maven component and can be easily added to you project by adding the maven dependency


Create a Client

// create a channel that has the connection details
ManagedChannel channel = new ChannelBuilder()

// create authz client
AuthorizerClient authzClient = new AuthzClient(channel);

If you are using Topaz as an authorizer, by default the certificate will in be $HOME/.local/share/topaz/certs/grpc-ca.crt, or $HOME\AppData\Local\topaz\certs on Windows. For dev/test scenarios you can also use an insecure connection by replacing .withCACertPath(<path_to_authorizer_certificates>) with .withInsecure(true)

The ChannelBuilder accepts setting the fallowing properties:

withHost(String)authorizer host
withPort(int)authorizer port
withCACertPath(String)path to certificate used for TLS connection to authorizer
withInsecure(Boolean)use an isecure connection to the authorizer
withTenantId(String)TenantId, not required for Topaz
withAPIKeyAuth(String)auth key, not required for Topaz
withTokenAuth(String)Auth0 token

Make Authorization Calls

// identity context contains information abou the user that requests access to some resource
IdentityCtx identityCtx = new IdentityCtx("", IdentityType.IDENTITY_TYPE_SUB);

// contains information about the policy we want to check for the provided identity
PolicyCtx policyCtx = new PolicyCtx("todo", "todo", "todoApp.DELETE.todos.__id", new String[]{"allowed"});

// check if the identity is allowed to perform the action
List<Decision> decisions =, policyCtx);

decisions.forEach(decision -> {
String dec = decision.getDecision();
boolean isAllowed = decision.getIs();
System.out.println("For decision [" + dec + "] the answer was [" + isAllowed + "]");

For more details please see the full example