Skip to main content

Authorizer Client

AuthorizerClient is the low-level interface that talks to the Aserto authorization API. It can be used on its own to make authorization calls or, more commonly, it can be used to create authorization middleware.

Create a Client#

import (    authz "github.com/aserto-dev/aserto-go/authorizer/grpc"    "github.com/aserto-dev/aserto-go/client")
...
authClient, err := authz.New(        ctx,        client.WithAPIKeyAuth("<Aserto authorizer API key"),        client.WithTenantID("<Aserto tenant ID>"),)

Make Authorization Calls#

Using an authorizer client we can call the Is() API to check if a user is authorized to perform an oeration.

import (    "fmt"
    "github.com/aserto-dev/go-grpc-authz/aserto/authorizer/authorizer/v1"    "github.com/aserto-dev/go-grpc/aserto/api/v1")
...
result, err := authClient.Is(ctx, &authorizer.IsRequest{    IdentityContext: &api.IdentityContext{          // The user performing the operation.        Type: api.IdentityType_IDENTITY_TYPE_SUB,        Identity: "username",    },    PolicyContext: &api.PolicyContext{        Id:        "<Aserto Policy ID>",        Path:      "peoplefinder.GET.users",  // Policy module to evaluate.        Decisions: []string{"allowed"},       // Policy rules to evaluate.    },})if err != nil {    log.Fatal("Failed to call authorizer:", err)}
// Check the authorizer's decision.for _, decision := range result.Decisions {    if decision.Decision == "allowed" {        if decision.Is {            fmt.Println("Access granted")        } else {            fmt.Println("Access denied")        }    }}

We can similarly call the DecisionTree() and Query() APIs.