https://cerbos.dev logo
#help
Title
# help
r

Rick W.

10/09/2023, 5:46 PM
Are there plans to allow other 'aux' data sources (other than JWT)? It would be nice if we could supply arbitrary structured data in a sideband manner, which aux would be perfect for; rather than having to merge it into either principal or resource attributes. It would make for a much cleaner way to inject runtime metadata like captcha-verification results that could be utilized by policy conditions
s

Sam Lock (Cerbos)

10/10/2023, 10:12 AM
Hi Rick, a similar question came up recently. Quoting Charith:
AuxData is currently only for JWTs. The reason we don't support additional free-form data in there is because then it adds an extra dimension making it a bit more difficult to decide where data should go. Your colleagues might have different ideas to yours and design their policies differently and then it starts to get messy. So we only support free-form data under principal or resource only. In practice, most data points at least have a passing relationship to either the principal or the resource so we sacrifice a bit of purity for simplicity.