This extension can be used to communicate with spiceDB authorization engine using HTTP requests to enable fine-grained authorization for WSO2 Identity Server. This implementation enables the ability to perform authorization checks and manipulate authorization data including the authorization schema which defines the authorization model.
- Install and set up a spiceDB instance using a way you prefer. Click here to see the available options and set up instructions.
- Go to
identity-authz-spicedb/components/org.wso2.carbon.identity.application.authz.spicedb/src/main/java/org/wso2/ carbon/identity/ application/authz/spicedb/constants/SpiceDbConstants.javaand change the FieldBASE_URLto your base url. (If you are running onlocalhost:8443port this step is not necessary.) - Stay in the same file and add the gRPC pre shared key you created with the spiceDB instance to the
PRE_SHARED_KEYfield. - Build this repository and get the
.jarfile fromidentity-authz-spicedb\target. - Add the
.jarfile to\repository\components\dropinsfolder in wso2is pack. - Restart WSO2 Identity Server.
If you want to build identity-authz-spicedb from the source code:
- Install Java 11 (or Java 17)
- Install Apache Maven 3.x.x (https://maven.apache.org/download.cgi#)
- Get a clone or download the source from this repository (https://github.com/wso2-extensions/identity-authz-spicedb)
- Run the Maven command
mvn clean installfrom theidentity-authz-spicedbdirectory.