This extension communicates with the SpiceDB authorization engine over HTTP to enable fine-grained authorization for WSO2 Identity Server. It can perform authorization checks and search for objects (resources, subjects or actions) in SpiceDB, and return the results to WSO2 Identity Server.
- Install and set up a SpiceDB instance in whichever way you prefer. The SpiceDB documentation lists the available options and setup instructions.
- Open the `deployment.toml` file in the WSO2 Identity Server pack (`[HOME]/repository/conf/deployment.toml`) and add the following configuration.

  ```toml
  [fgaEngineConfig]
  # The URL of the SpiceDB instance (e.g. http://localhost:8443/)
  BasePath = "<base_path>"

  [fgaEngineConfig.authentication]
  # The gRPC pre-shared key to use when connecting to the SpiceDB instance
  PreSharedKey = "Bearer <pre_shared_key>"
  ```
- Build this repository and get the `.jar` file from `components/org.wso2.carbon.identity.authz.spicedb/target`.
- Add the `.jar` file to the `[HOME]/repository/components/dropins` folder in the Identity Server pack.
- Restart WSO2 Identity Server.
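Before the restart, the two configured values can be sanity-checked. The following Python script is an added example, not part of this repository: it flags a leftover template placeholder, a `PreSharedKey` that is not in the `Bearer <key>` form, and a `BasePath` that would carry the key over plain HTTP to a non-loopback host. The function names, the host `spicedb.example.internal` and the sample key are made up for illustration, and the probe assumes the extension sends `PreSharedKey` verbatim as the `Authorization` header to SpiceDB's HTTP API (`/v1/schema/read` is a SpiceDB endpoint, not something this page defines).

```python
# Added example: pre-restart check of the [fgaEngineConfig] values.
import ipaddress
from urllib.parse import urlsplit
from urllib.request import Request

# Constructed sample in the shape of the snippet above (host and key are made up).
SAMPLE_TOML = '''
[fgaEngineConfig]
BasePath = "http://spicedb.example.internal:8443/"
[fgaEngineConfig.authentication]
PreSharedKey = "Bearer constructed-sample-key"
'''

def load_fga_config(toml_text):
    """Return (BasePath, PreSharedKey) from deployment.toml text."""
    import tomllib  # standard library since Python 3.11
    fga = tomllib.loads(toml_text).get("fgaEngineConfig", {})
    return fga.get("BasePath", ""), fga.get("authentication", {}).get("PreSharedKey", "")

def is_loopback(host):
    """True for localhost and loopback IP literals such as 127.0.0.1 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False

def check_fga_config(base_path, pre_shared_key):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    url = urlsplit(base_path)
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("BasePath is not an http(s) URL")
    elif url.scheme == "http" and not is_loopback(url.hostname):
        findings.append("BasePath sends the key over plain HTTP to a remote host")
    scheme, _, key = pre_shared_key.partition(" ")
    if scheme != "Bearer" or not key.strip():
        findings.append('PreSharedKey is not in the form "Bearer <key>"')
    elif key.startswith("<") and key.endswith(">"):
        findings.append("PreSharedKey still holds the template placeholder")
    return findings

def schema_read_probe(base_path, pre_shared_key):
    """Build (not send) a SpiceDB schema-read call carrying the configured key."""
    headers = {"Authorization": pre_shared_key, "Content-Type": "application/json"}
    return Request(base_path.rstrip("/") + "/v1/schema/read", data=b"{}",
                   headers=headers, method="POST")
```

Passing the result of `schema_read_probe` to `urllib.request.urlopen` against a running instance shows whether SpiceDB accepts the key; the constructed sample above is flagged for plain HTTP to a remote host.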
If you want to build identity-authz-spicedb from the source code:
- Install Java 11 (or Java 17)
- Install Apache Maven 3.x.x (https://maven.apache.org/download.cgi#)
- Clone or download the source from this repository (https://github.com/wso2-extensions/identity-authz-spicedb)
- Run the Maven command `mvn clean install` from the `identity-authz-spicedb` directory.