Skip to main content

authz/decisiontree

The decisiontree API allows the caller to get the value of any decisions across ALL policy modules, with a user context, but without a resource context.

This API is useful for getting a "decision tree" that guides a calling application around what functionality will be available to a user based on their context.

It is used by the display state map middleware in SDKs such as the Aserto Express.js SDK, in conjunction with the Aserto React SDK, that is useful in conditionally rendering UI elements based on the display state that corresponds to a decision.

The inputs to the decisiontree API are the user context, the set of decisions that the calling application wants to evaluate, the (optional) policy module used to make the decision(s), the (optional) resource context, and a set of options.

URL

POST .../api/v2/authz/decisiontree

Input payload

{
"identityContext": {
"type": "IDENTITY_TYPE_SUB",
"identity": "<subject>"
},
"policyContext": {
"decisions": ["visible", "enabled"],
"path": "sample"
},
"policyInstance": {
"name": "[policy-name]",
"instanceLabel": "[instance-label]"
},
"resourceContext": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"options": {
"pathSeparator": "PATH_SEPARATOR_SLASH"
}
}

The identityContext map is documented here.

The policyContext map is documented here.

The policyInstance map is documented here.

The resourceContext map is documented here.

The options map allows the caller to specify the format for retrieving the cartesian product of paths and decisions that are being requested.

Path separator

Path separator values are:

  • PATH_SEPARATOR_SLASH: the key in the returned decision tree is of the form VERB/route/segments/etc
  • PATH_SEPARATOR_DOT: the key in the returned decision tree is of the form VERB.route.segments.etc

Output payload

The return payload for the options above may look like the following:

{
"GET/api/orders": {
"visible": true,
"enabled": true
}
}

Upgrading from v1

To upgrade from the v1 Policy Context, see this topic.