Aserto is a cloud-native authorization platform that allows you to avoid having to build your own access control solution and instead frees you up to focus on your core user experience. In this tutorial you will learn how to integrate the Aserto SDK in the context of an Express.js API that will interact with a React application.
Before we get started, let’s discuss two of Aserto's major components: the Authorizer and the Control Plane.
The Authorizer is where authorization decisions get made. It is an open source authorization engine which uses Open Policy Agent (OPA) to compute a decision based on policy, user context and resource data. In this tutorial we’re going to use the hosted version of this authorizer.
The Control Plane manages the lifecycle of policies, user context, and resource data that are used by the authorizer. The control plane makes it easy to manage these artifacts centrally, and takes care of the details of synchronizing them to the Authorizer instance(s) deployed at the edge. More specifically, it manages:
- Connections to external systems such as identity providers and source control systems
- References to registered authorization policies
- A user directory built from the identity providers its connected to
- A centralized log of aggregated decisions made by the Authorizer
At the core of Aserto’s authorization model is an authorization policy, which we refer to simply as a Policy. Policies are authored in a textual language called Rego, defined as part of the Open Policy Agent (OPA) project in the Cloud Native Computing Foundation.
We define the access control rules we want to enforce in our policy - as opposed to our application code. This is what's known as the "Policy-as-Code" approach, where authorization logic is decoupled from application logic.
Policies are treated just like application code or infrastructure-as-code - they are stored and versioned in a git repository. We’re going to define and see the policy in action later in this tutorial.
When you’ve completed this tutorial you'll have learned how to:
- Create a React application with authentication using
- Set up a simple Express.js application with authentication middleware and define a protected route
- Create and modify a very simple authorization policy
- Integrate the Aserto Authorization Express.js SDK to enable fine grained access control
- Conditionally render UI elements based on user access
To get started, you’re going to need:
- Node.JS and Yarn installed on your machine
- Aserto account and credentials (if you don't have one, sign up here!)
- Your favorite code editor
To get started, let's add users to your Aserto directory. We'll need these users to test our application and authorization policy.