Hello everyone, glad to be here. For the people who have been using Cerbos in their applications: we know Cerbos requires Principal, Action and Resource to evaluate the policy. How are you fetching Resource info to pass on to Cerbos? Is each of your services making a call to an external system to fetch the resource, or are you making it part of the token? In the case of a token, when a user request passes through many services (in the microservices world), it will try to access various resources, e.g. a BFF API POST action to a Domain API POST, which will be a completely different service. In such cases, if an element of the BFF is considered a resource and an element of the Domain API is considered another resource, then there are multiple resources that need to stay in the token, and it may cause token bloat. I was wondering what you are using to handle end-to-end authorization for a user request without token bloat and without the additional performance overhead of fetching the resource info from external systems, thus slowing the authorization process down?
Alex Olivier (Cerbos)
02/16/2023, 5:55 PM
Hey @Sunil I saw your response in the other threads. Did that answer your question?