allow customizing base world & syms for authorizer

biscuit-auth / biscuit-go

Apache License 2.0

75 stars 22 forks source link

allow customizing base world & syms for authorizer #108

Closed jvatic closed 1 year ago

jvatic commented 1 year ago

I've run into some cases where the default world max duration wasn't quite enough, resulting in intermittent failures. This PR exposes options to the caller to override the default limits (and for completeness, the default symbol table).

e.g.

b, err := biscuit.Unmarshal(token)
// ...

authorizer, err := b.Authorizer(
    publicRoot,
    biscuit.WithBaseWorld(
        datalog.NewWorld(
            datalog.WithMaxDuration(3 * time.Millisecond),
        ),
    ),
)
// ...

jvatic commented 1 year ago

(rebased to get checks passing)

Geal commented 1 year ago

making it more configurable is a good idea! We're moving away from making the default symbol table configurable though, this makes interoperability a lot harder.

Geal commented 1 year ago

would it be possible to make parameters like timeout configurable without setting the entire base world?

jvatic commented 1 year ago

would it be possible to make parameters like timeout configurable without setting the entire base world?

Yup! Are you thinking something like this?

func WithWorldOptions(opts ...datalog.WorldOption) AuthorizerOption {
// ...
}

Geal commented 1 year ago

alright, sounds good!