
Authorizer Client

AuthorizerClient is the low-level interface that talks to the Aserto authorization API. It can be used on its own to make authorization calls or, more commonly, it can be used to create authorization middleware.

Create a Client

import (
	authz "github.com/aserto-dev/aserto-go/authorizer/grpc"
	"github.com/aserto-dev/aserto-go/client"
)

...

// Create a gRPC authorizer client authenticated with an API key and scoped to a tenant.
authClient, err := authz.New(
	ctx,
	client.WithAPIKeyAuth("<Aserto authorizer API key>"),
	client.WithTenantID("<Aserto tenant ID>"),
)

Make Authorization Calls

Using an authorizer client we can call the Is() API to check if a user is authorized to perform an operation.

import (
	"fmt"
	"log"

	authorizer "github.com/aserto-dev/go-grpc-authz/aserto/authorizer/authorizer/v1"
	api "github.com/aserto-dev/go-grpc/aserto/api/v1"
)

...

result, err := authClient.Is(ctx, &authorizer.IsRequest{
	IdentityContext: &api.IdentityContext{ // The user performing the operation.
		Type:     api.IdentityType_IDENTITY_TYPE_SUB,
		Identity: "username",
	},
	PolicyContext: &api.PolicyContext{
		Id:        "<Aserto Policy ID>",
		Path:      "peoplefinder.GET.users", // Policy module to evaluate.
		Decisions: []string{"allowed"},      // Policy rules to evaluate.
	},
})
if err != nil {
	log.Fatal("Failed to call authorizer:", err)
}

// Check the authorizer's decision.
for _, decision := range result.Decisions {
	if decision.Decision == "allowed" {
		if decision.Is {
			fmt.Println("Access granted")
		} else {
			fmt.Println("Access denied")
		}
	}
}

We can similarly call the DecisionTree() and Query() APIs.
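
The decision loop above prints nothing when the response carries no "allowed" entry, so the following added example (not part of the original page or the Aserto SDK) shows a fail-closed check that treats a call error, a missing rule, or any false result as a denial. The `Decision` struct is a local stand-in for the SDK's response entries, and `RequireDecision` and `ErrDenied` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Decision is a local stand-in (assumption) for one entry of result.Decisions.
type Decision struct {
	Decision string // Rule name, e.g. "allowed".
	Is       bool   // Outcome of the rule.
}

// ErrDenied is returned whenever access cannot be positively confirmed.
var ErrDenied = errors.New("access denied")

// RequireDecision fails closed: it returns nil only when the call succeeded,
// the named rule is present, and every entry for that rule is true.
func RequireDecision(decisions []Decision, callErr error, rule string) error {
	if callErr != nil {
		return fmt.Errorf("%w: authorizer call failed: %v", ErrDenied, callErr)
	}
	found := false
	for _, d := range decisions {
		if d.Decision != rule {
			continue // Ignore rules we did not ask about.
		}
		if !d.Is {
			return fmt.Errorf("%w: rule %q is false", ErrDenied, rule)
		}
		found = true
	}
	if !found {
		return fmt.Errorf("%w: rule %q missing from response", ErrDenied, rule)
	}
	return nil
}

func main() {
	// Constructed sample responses, not real authorizer output.
	cases := map[string][]Decision{
		"granted": {{Decision: "allowed", Is: true}},
		"denied":  {{Decision: "allowed", Is: false}},
		"missing": {{Decision: "visible", Is: true}},
	}
	for _, name := range []string{"granted", "denied", "missing"} {
		fmt.Printf("%-8s -> %v\n", name, RequireDecision(cases[name], nil, "allowed"))
	}
}
```

With the real client, the same check would be fed `result.Decisions` and the `err` returned by `Is()`, mapped onto this shape.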