biscuit-auth / biscuit-java

Java implementation of the Biscuit authentication and authorization token
https://biscuitsec.org/
Apache License 2.0

Cannot attenuate a token to provide a valid auth when using "tmp" #46

Closed aurrelhebert closed 2 years ago

aurrelhebert commented 2 years ago

Here is my code (Scala) with the latest release of biscuit-java (2.2.0):

import java.time.Duration
import com.clevercloud.biscuit.token.{Authorizer, Biscuit}
import com.clevercloud.biscuit.datalog.RunLimits

// root (the root KeyPair), rng, keyPair and create_token_with_fact are defined
// elsewhere in the reporter's code and are not shown here.

// Create a new Biscuit
// (1) val biscuit: Biscuit = create_token_with_fact(root, "user(\"allow\")")
// (2) val biscuit: Biscuit = create_token_with_fact(root, "user(\"user\")")
val biscuit: Biscuit = create_token_with_fact(root, "user(\"tmp\")")

// Add a check to reduce biscuit rights
val block = biscuit.create_block
// (3) 
block.add_check("check if right(\"allow\", \"true\")")

// load attenuated biscuit
val attenuatedBiscuit: Biscuit = biscuit.attenuate(rng, keyPair, block.build())

// apply Authorizer
val authorizer: Authorizer =  new Authorizer
authorizer.add_fact("right(\"allow\", \"true\")")
authorizer.add_token(attenuatedBiscuit)

// Debug print
println(attenuatedBiscuit.print)
println(authorizer.print_world())

// (4) authorizer.add_check("check if right(\"allow\", \"true\")")

authorizer.allow
authorizer.authorize(new RunLimits(500, 100, Duration.ofMillis(500)))

Basically when running this code I do get the following error:

Err(FailedLogic(Unauthorized( policy = Allow(0) errors = [Block(FailedBlockCheck {"Block":{"block_id":1,"check_id":0,"rule":"check if right(\"true\", \"tmp\")"}})])))
    at com.clevercloud.biscuit.token.Authorizer.authorize(Authorizer.java:437)

This seems to be due to the fact that I use the "tmp" string as the fact value for my user. When using either (1) or (2) instead of the fact user("tmp"), my code works.

However, this happens only when attenuating a token: when I comment out the line below (3) and uncomment (4), the test works correctly.

KannarFr commented 2 years ago

To create an authorizer with the biscuit's world, you should use the <biscuit>.authorizer() method.

aurrelhebert commented 2 years ago

Indeed, closing the issue.

Instead of

val authorizer: Authorizer =  new Authorizer

I should have done

val authorizer: Authorizer = attenuatedBiscuit.authorizer()

Ty :)
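The following is an added Java example, not code from the issue or from the biscuit-java project, that reproduces the setup from the report end to end and contrasts the detached `new Authorizer()` with the `authorizer()` fix from KannarFr's reply. It also runs the attenuated token through an authorizer that lacks the `right` fact, to show that the appended check really does restrict the token. Method names used in the thread (`create_block`, `add_check`, `attenuate`, `add_fact`, `add_token`, `authorizer`, `allow`, `authorize`, `RunLimits`, `print`) are taken from it; `Biscuit.builder`, `add_authority_fact`, `serialize`, `Biscuit.from_bytes`, `new KeyPair(SecureRandom)` and `public_key()` are assumed to match the 2.x API of the library. The hypothetical helper `authorizes` and the class name are mine.

```java
import java.security.SecureRandom;
import java.time.Duration;

import com.clevercloud.biscuit.crypto.KeyPair;
import com.clevercloud.biscuit.datalog.RunLimits;
import com.clevercloud.biscuit.error.Error;
import com.clevercloud.biscuit.token.Authorizer;
import com.clevercloud.biscuit.token.Biscuit;
import com.clevercloud.biscuit.token.builder.Block;

public class AttenuationDemo {
    // Hypothetical helper: add an allow policy, run the authorizer with the same
    // run limits as the report, and return whether it accepted the token.
    static boolean authorizes(String label, Authorizer authorizer) {
        try {
            authorizer.allow();
            authorizer.authorize(new RunLimits(500, 100, Duration.ofMillis(500)));
            System.out.println(label + ": authorized");
            return true;
        } catch (Error e) {
            System.out.println(label + ": rejected -> " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        KeyPair root = new KeyPair(rng);

        // Issuer side: authority block carrying the same fact as the report.
        Biscuit token = Biscuit.builder(rng, root)
                .add_authority_fact("user(\"tmp\")")
                .build();

        // Holder side: attenuate by appending a block that only adds a check.
        // An appended block can restrict what the token allows, never widen it;
        // the block is signed with a fresh ephemeral key pair.
        Block block = token.create_block();
        block.add_check("check if right(\"allow\", \"true\")");
        Biscuit attenuated = token.attenuate(rng, new KeyPair(rng), block);
        byte[] wire = attenuated.serialize();

        // Verifier side: parse and verify the signature chain with the root public key.
        Biscuit received = Biscuit.from_bytes(wire, root.public_key());
        System.out.println(received.print());

        // 1. The mistake from the report: a detached Authorizer does not start from
        //    the token's symbol table, so the fact it holds does not line up with
        //    the strings in the token's check (the report's error prints the check
        //    as right("true", "tmp") for that reason). Rejected, as in the report.
        Authorizer detached = new Authorizer();
        detached.add_fact("right(\"allow\", \"true\")");
        detached.add_token(received);
        authorizes("new Authorizer()", detached);

        // 2. The fix: build the authorizer from the token itself, so it carries the
        //    token's world and symbols. With the required fact present: authorized.
        Authorizer fromToken = received.authorizer();
        fromToken.add_fact("right(\"allow\", \"true\")");
        authorizes("token.authorizer() with right fact", fromToken);

        // 3. The attenuation bites: same construction, but the verifier never adds
        //    the right fact, so block 1's check fails and the token is rejected.
        Authorizer missingFact = received.authorizer();
        authorizes("token.authorizer() without right fact", missingFact);
    }
}
```

The practical rule this illustrates: on the verifier side always derive the `Authorizer` from the parsed token (`biscuit.authorizer()`), then add the facts describing the request, then a policy, then `authorize`. Run with `javac` and `java` against the biscuit-java 2.x jar on the classpath.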