Input values

When any Authorize command is run, the following values are added to the input:

| Value | Description |
| --- | --- |
| input.subject | The current user. |
| input.subject.name | The current user name, translated from claimsPrincipal.Identity.Name. |
| input.subject.claims[_] | A dictionary of the current user claims. |
| input.subject.claims.{claimsName}[_] | An array of the values on a specific claim. |
| input.subject.isAuthenticated | Whether the current user is authenticated. |
| input.operation | The operation name set when configuring the policy. |
| input.request | An object with information about the current HTTP request. |
| input.request.path[] | An array of the URL path segments, split on '/'. Example: "test/testing" becomes ["test", "testing"]. |
| input.request.routeValues[] | A key-value set that contains routing values. |
| input.request.query[] | A key-value set that contains the query variables in the URL. |
| input.request.method | The HTTP method used in the request: GET, POST, etc. |
| input.resource | On single resource authorization, this contains the resource that is being authorized. |

Note that all objects are serialized in camelCase, so a property under resource, for instance, will be in camelCase.

Request Route Values

input.request.routeValues can contain useful information that does not exist in the path variable. An example structure may look like the following:

{
  "controller": "Data",
  "action": "Index",
  "id": 123
}

In the example above one could do the following check: input.request.routeValues.id == 123

Request Query

input.request.query is implemented as a dictionary with a list of values. Given the URL http://example.com?test=1&test=2, the value would be:

{
  "test": [
    "1",
    "2"
  ]
}

Type specific

This part describes C# types that require extra explanation when used as the input.

Enums

An enum value is always converted to a string when used in an input. For example:

C# enum:

private enum Enum
{
    Value1 = 0,
    Value2 = 1
}

Policy:

package example

default allow = false
allow {
  input.value = "Value1"
}

Will give the correct result while

package example

default allow = false
allow {
  input.value = 0
}

Will result in a failure.
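
The policy below is an added example, not taken from the project's documentation, that combines the input values described above: claim arrays, route values, list-valued query parameters, and string-serialized enums. It uses the same Rego syntax as the policies on this page; the claim name "role", the operation name "read", and the resource property "status" are assumptions.

```rego
package example

default allow = false

# Constructed sample input that this policy allows (the claim name "role",
# the operation name "read" and the resource property "status" are assumptions):
# {
#   "subject": {"isAuthenticated": true, "claims": {"role": ["admin"]}},
#   "operation": "read",
#   "request": {
#     "method": "GET",
#     "routeValues": {"controller": "Data", "action": "Index", "id": 123},
#     "query": {"test": ["1", "2"]}
#   },
#   "resource": {"status": "Value1"}
# }

allow {
  input.subject.isAuthenticated == true
  input.operation == "read"
  input.request.method == "GET"
  input.request.routeValues.controller == "Data"
  has_role("admin")
  query_has("test", "1")
  # Enums arrive as strings and property names are camelCase.
  input.resource.status == "Value1"
}

# A claim holds an array of values, so match against any element.
has_role(role) {
  input.subject.claims.role[_] == role
}

# Query values are lists of strings: "?test=1&test=2" gives ["1", "2"].
# Comparing the key directly to "1", or an element to the number 1,
# never matches, and the request falls through to the default deny.
query_has(key, value) {
  input.request.query[key][_] == value
}
```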