hexa-org/policy-opa

AuthZen - Add Support for Request Context

independentid opened this issue · 2 comments

See: https://github.com/openid/authzen/blob/main/api/authorization-api-1_0.md#context

Add support for "context" (to be defined by OpenID AuthZen)

Having a consistent representation of the HTTP request and headers received by the application makes it dramatically easier to write policy conditions. If the policy writer has to know what the application will give in advance, it leads to tightly coupled policy systems and applications.

IOW, context should be defined and sent every time because the app owner doesn't know what the specific policy rules are now or how they will change.

This feels like an important benefit for authzen.

In IDQL with OPA we are currently sending a common request object (ReqParams)...

https://github.com/hexa-org/policy-opa/blob/main/client/hexaOpaClient/hexaOpaClientTools.go
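
Added example (not code from hexa-org/policy-opa or from the AuthZen specification): one way an application could build the same `context` object for every incoming request and place it in an AuthZen evaluation request. The context key names, the `user` and `route` entity types, and the redaction of credential headers before they leave the application are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumption: policy needs to know these headers were sent, never their values.
var redacted = map[string]bool{"Authorization": true, "Cookie": true, "Proxy-Authorization": true}

// ContextFromRequest emits the same keys for every request (key names are hypothetical),
// so policy conditions do not depend on what a given application chooses to send.
func ContextFromRequest(r *http.Request) map[string]any {
	headers := map[string]string{}
	for name, values := range r.Header {
		value := strings.Join(values, ",")
		if redacted[http.CanonicalHeaderKey(name)] {
			value = "[redacted]"
		}
		headers[strings.ToLower(name)] = value
	}
	return map[string]any{"method": r.Method, "path": r.URL.Path, "query": r.URL.RawQuery,
		"protocol": r.Proto, "remote_addr": r.RemoteAddr, "headers": headers}
}

// BuildEval wraps the context in an AuthZen-style evaluation request body
// (subject, resource, action, context); the entity types are hypothetical.
func BuildEval(r *http.Request, subjectID string) ([]byte, error) {
	return json.Marshal(map[string]any{
		"subject":  map[string]string{"type": "user", "id": subjectID},
		"resource": map[string]string{"type": "route", "id": r.URL.Path},
		"action":   map[string]string{"name": r.Method},
		"context":  ContextFromRequest(r),
	})
}

// SampleRequest returns a constructed request for demonstration.
func SampleRequest() *http.Request {
	r := httptest.NewRequest("GET", "/accounts/42?view=full", nil)
	r.Header.Set("Authorization", "Bearer sample-token")
	r.Header.Set("X-Tenant", "acme")
	return r
}

func main() {
	out, _ := BuildEval(SampleRequest(), "alice@example.com")
	fmt.Println(string(out))
}
```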