Also thinking about going with Auth0 for authn, bu...
# communitys
Steve High (NTWRK)
09/27/2021, 7:53 PMAlso thinking about going with Auth0 for authn, but not sure yet'
e
Emre (Cerbos)
09/27/2021, 7:54 PM
Cerbos does not provide AuthN, but works with whatever solution you have in place.
Emre (Cerbos)
09/27/2021, 7:54 PM
Have you had a chance to look at our GraphQL demo? https://github.com/cerbos/demo-graphql
Emre (Cerbos)
09/27/2021, 7:55 PM
There is a 5 minute video at the end of the readme.
s
Steve High (NTWRK)
09/27/2021, 7:56 PMI took a look at it. Will probably dig into more detail after i grok the main concepts. right now just going through the policy docs and applying them to my domains
e
Emre (Cerbos)
09/27/2021, 7:57 PM
Please let us know if you need help in modeling your domain/resources. We’d be more than happy to help you out using our playground (https://cerbos.dev/playground). It is very handy to test new policies.
s
Steve High (NTWRK)
09/27/2021, 7:58 PMyeah that's pretty awesome. I'm in there now.
Steve High (NTWRK)
09/27/2021, 7:58 PMI did have a question about some policy info...
e
Emre (Cerbos)
09/27/2021, 7:59 PM
Shoot!
s
Steve High (NTWRK)
09/27/2021, 7:59 PMfor derived roles, im seeing checks that look something like
request.resource.attr.owner == request.principal.idSteve High (NTWRK)
09/27/2021, 7:59 PMwhere are those entities defined? the IDP?
e
Emre (Cerbos)
09/27/2021, 7:59 PM
Yes, the parent role is the role that IDP knows about.
Emre (Cerbos)
09/27/2021, 8:00 PM
The derived role is the context enriched role. Based on the context, you can define and use new roles within Cerbos
Emre (Cerbos)
09/27/2021, 8:00 PM
I’d higly recommend you to watch the Python Demo video. It explains and demos the concept there.
s
Steve High (NTWRK)
09/27/2021, 8:00 PMis that the one at the end og the GQL readme?
e
Emre (Cerbos)
09/27/2021, 8:01 PM
https://github.com/cerbos/demo-python Video is at the bottom of the Readme.
s
Steve High (NTWRK)
09/27/2021, 8:01 PMperfect
e
Emre (Cerbos)
09/27/2021, 8:01 PM
s
Steve High (NTWRK)
09/27/2021, 8:01 PMthanks! im sure i'll have more questions in a bit 🙂
e
Emre (Cerbos)
09/27/2021, 8:01 PM
Out of curiosity, how did you hear about Cerbos?
s
Steve High (NTWRK)
09/27/2021, 8:02 PMI was looking for off-the-shelf permissions modeling and somehow landed here: https://alexolivier.me/posts/the-never-ending-product-requirements-of-user-authorization
🎉 1
e
Emre (Cerbos)
09/27/2021, 8:03 PM
Great! Alex is our product lead.
s
Steve High (NTWRK)
09/27/2021, 8:04 PMi was thinking of using Auth0 for authn and authz, but it looked a little messy. They are two totally separate concerns. What piqued my interest was policies-as-code.
Steve High (NTWRK)
09/27/2021, 8:05 PMour org needs to create a lot of ad-hoc and time-bound permissions, so this would work well with our workflow
e
Emre (Cerbos)
09/27/2021, 8:06 PM
Please let us know if we can help in any way at any point. If you need to speak to us, please feel free to book some time here:
Emre (Cerbos)
09/27/2021, 8:07 PM
Emre (Cerbos)
09/27/2021, 8:07 PM
We’d be more than happy to tell you more about Cerbos. (and it gives us the opportunity to learn more about your domain)
s
Steve High (NTWRK)
09/27/2021, 8:07 PMgonna do that!
e
Emre (Cerbos)
09/27/2021, 8:08 PM
Looking forward to it.
4 Views