Skip to content

Latest commit

 

History

History
35 lines (26 loc) · 2.18 KB

File metadata and controls

35 lines (26 loc) · 2.18 KB

Authorizer Use-Case Examples

Beyond the framework quickstarts (with-react, with-nextjs, with-vue, with-go, with-python, …), these examples each demonstrate one authentication / authorization capability end to end. Most machine-identity examples require an Authorizer server built from main (make dev in the server repo) — each README states its prerequisites.

Machine & agent identity

Example What it shows
with-m2m-client-credentials A background worker authenticating as itself: register a service account (_create_client), then the OAuth2 client_credentials grant with scope ceilings
with-token-exchange-delegation RFC 8693 token exchange: an agent acts on behalf of a user with a short-lived, down-scoped, resource-bound token carrying the act claim
with-agent-delegation Multi-hop AI-agent delegation chains built on token exchange
with-k8s-tokenreview Kubernetes workloads authenticating with service-account tokens (RFC 7523 client_assertion, TokenReview)
with-spiffe SPIFFE/SPIRE workload identity as the client credential

Fine-grained authorization (FGA)

Example What it shows
with-fga-permissions ReBAC basics: author a model and tuples via the admin _fga_* API, then check_permissions / list_permissions as a user
with-fga-advanced Advanced modeling patterns: groups, hierarchies, conditions

Protocols & architecture

Example What it shows
with-openid-connect Standard OIDC authorization-code flow against Authorizer as the IdP
with-microservices Token validation across multiple services

Enterprise / organizations

Example What it shows
with-org-sso-oidc Per-organization SSO via an upstream OIDC provider
with-org-saml Per-organization SSO via SAML
with-scim SCIM user provisioning / deprovisioning