Open Tipnos opened 11 months ago
Thanks! I'm not sure how much of this is intended behaviour or not.
In any case, it should be properly documented.
I'm just getting my feet wet with this crate, so weight my comment accordingly.
I think the current behavior is desirable, and if different semantics are needed, I think an additional or alternative query method should be provided for that.
Here's my scenario:
The base token includes some facts (such as a list of resources that are to be updated as part of an operation) that I can trust, because they were put into the token by the original token issuer.
In my endpoint I plan to use the query method to extract those facts from the base token and use those to determine which resources my endpoint should operate on. This way my endpoint doesn't accept any additional parameters from the client; it will only operate on the trusted facts in the token. Additional appended facts are not to be trusted; these are the same semantics as described and illustrated in https://doc.biscuitsec.org/reference/datalog#block-scoping
Below an example showing the issue:
It looks like
query
don't lookup on facts added withauthorizer_merge!