/okta-role-manager

Okta role manager for Casbin

Primary LanguageGoApache License 2.0Apache-2.0

Okta Role Manager Build Status Coverage Status Godoc

Okta Role Manager is the Okta role manager for Casbin. With this library, Casbin can load role hierarchy (user-role mapping) from Okta or save role hierarchy to it (NOT Implemented).

Installation

go get github.com/casbin/okta-role-manager

Simple Example

package main

import (
	"github.com/casbin/casbin"
	"github.com/casbin/okta-role-manager"
)

func main() {
	// This role manager dose not rely on Casbin policy. So we should not
	// specify grouping policy ("g" policy rules) in the .csv file.
	e := casbin.NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")

	// Use our role manager.
	// orgName is your organization name.
	// apiToken is the token you created in the Admin portal.
	// For example, if your domain name is like: dev-123456.oktapreview.com,
	// then your orgName is dev-123456, isProductionOrPreview is false.
	// If your domain name is like: company_name.okta.com, then your orgName
	// is company_name, isProductionOrPreview is true.
	rm := oktarolemanager.NewRoleManager("dev-000000", "your_api_token", false)
	e.SetRoleManager(rm)

	// If our role manager relies on Casbin policy (like reading "g"
	// policy rules), then we have to set the role manager before loading
	// policy.
	//
	// Otherwise, we can set the role manager at any time, because role
	// manager has nothing to do with the adapter.
	e.LoadPolicy()
	
	// Check the permission.
	// Casbin's subject (user) name uses the Okta user's login field (aka Email address).
	// Casbin's role name uses the Okta group's name field (like "Admin", "Everyone").
	e.Enforce("alice@test.com", "data1", "read")
}

Getting Help

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.