Oso is a batteries-included library for building authorization in your application.

Overview

Oso

What is Oso?

Oso gives you a mental model and an authorization system – a set of APIs built on top of a declarative policy language called Polar, plus a debugger and REPL – to define who can do what in your application. You can express common concepts from “users can see their own data” and role-based access control, to others like multi-tenancy, organizations and teams, hierarchies and relationships.

Oso lets you offload the thinking of how to design authorization and build features fast, while keeping the flexibility to extend and customize as you see fit.

Developers can typically write a working Oso policy in <5 minutes, add Oso to an app in <30 minutes, and use Oso to solve real authorization problems within a few hours. To get started, you add the library to your application, create a new Oso instance and load an Oso policy. You can mix and match any of Oso’s authorization APIs to implement features like roles with custom policies that you write to suit your application.

Oso is ideal for building permissions into user-facing applications, but you can check out Use Cases to learn about other applications for Oso.

Oso currently offers libraries for Java, Node.js, Python, Ruby, Rust and Go.

Getting started

To get up and running with Oso, check out the Getting Started guides in the Oso documentation.

If you have questions, need help getting started, or want to discuss anything about the product, your use case, or authorization more generally, join us on Slack.

Development

Core

Oso's Rust core is developed against Rust's latest stable release.

Language libraries

Oso's language libraries can be developed without touching the Rust core, but you will still need the Rust stable toolchain installed in order to build the core.

To build the WebAssembly core for the Node.js library, you will need to have wasm-pack installed and available on your system PATH.

Language requirements

To work on a language library, you will need to meet the following version requirements:

  • Java: 10+
    • Maven: 3.6+
  • Node.js: 10.14.2+
    • Yarn 1.22+
  • Python: 3.6+
  • Ruby: 2.4+
    • Bundler 2.1.4+
  • Rust: 1.46+
  • Go: 1.12+

Contributing

See: CONTRIBUTING.md.

License

See: LICENSE.

Share your story

We'd love to hear about your use case and experience with Oso. Share your story on Twitter or fill out this form for some Oso swag.

Comments
  • Oso does not support Kotlin data classes

    Hey 👋 Finally getting around to trialing Oso as an auth solution for a Kotlin application that I'm building.

    However, it seems that Oso does not support Kotlin data classes :( Or, as is always possible... I'm just doing something dumb

    I am trying to emulate the Java quickstart example, with a User trying to read from a repository.

    I have the following models

    data class Repo(
      val id: UUID,
      val name: String,
      val isPublic: Boolean
    )
    
    data class User (
      val id: UUID,
      val email: String,
      val repoRoles: List<RepoRole>
    )
    

    I have set up OSO with the following

    private val oso: Oso = Oso()
    
    init {
      // On a tangent... it doesn't seem to even load 
      // unless I explicitly repeat the class name as the second param
      oso.registerClass(Repo::class.java, "Repo")
      oso.registerClass(User::class.java, "User")
      oso.loadStr(
        """
    allow(actor, action, resource) if
    has_permission(actor, action, resource);
    
    actor User {}
    
    resource Repo {
    permissions = ["read", "push", "delete"];
    roles = ["contributor", "maintainer", "admin"];
    
    "read" if "contributor";
    "push" if "maintainer";
    "delete" if "admin";
    
    "maintainer" if "admin";
    "contributor" if "maintainer";
    }
    
    # This rule tells Oso how to fetch roles for a Repo
    has_role(actor: User, role_name: String, Repo: Repo) if
    role in actor.repoRoles and
    role_name = role.name and
    Repo = role.Repo;
    
    has_permission(_actor: User, "read", Repo: Repo) if
    Repo.isPublic;
    
    allow(actor, action, resource) if
    has_permission(actor, action, resource);
    """.trimIndent()
      )
    }
    

    Just as a test, I have created a repo with isPublic=true with name test. However, when I run the following

    fun readByName(name: String): RepoModels.Response {
        val result = Repo(
          id = UUID.randomUUID(),
          name = name,
          isPublic = true
        )
        val user = User(
          id = UUID.randomUUID(),
          email = "[email protected]",
          repoRoles = listOf(RepoRole(role = "admin", repo = result))
        )
        oso.authorize(user, "read", result)
        return RepoModels.Response.fromRepo(result)
      }
    

    I get an authorization error from oso

    com.osohq.oso.Exceptions$NotFoundException: Oso NotFoundException -- The current user does not have permission to read the given resource. You should handle this error by returning a 404 error to the client.
    	at com.osohq.oso.Oso.authorize(Oso.java:110)
    	at com.osohq.oso.Oso.authorize(Oso.java:118)
    	at io.bkbn.sourdough.api.service.RepoService.readByName(RepoService.kt:81)
            // ...
    

    If it helps, I have pushed all of this code to a repo https://github.com/bkbnio/oso-poc Instructions in the README for how to run the app. If you have any issues with getting it set up just let me know :)

    You can emulate this error by running GET localhost:8080/repo?name=test

    opened by unredundant 0
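
The decisions that the policy in the issue above encodes can be worked out without any host-language binding. This is an added example, not code from the issue or from the Oso project: a plain-Python reference evaluation of the `resource Repo` block and the public-read rule. It does not use the Oso library, and all class and function names are constructed for illustration.

```python
# Added example: reference evaluation of the issue's `resource Repo` block.
# Plain Python, no Oso library; every name below is constructed.
from dataclasses import dataclass, field

# `"read" if "contributor";` style lines: permission -> role that grants it.
PERMISSION_IF_ROLE = {"read": "contributor", "push": "maintainer", "delete": "admin"}
# `"maintainer" if "admin";` style lines: implied role -> implying role.
ROLE_IF_ROLE = {"maintainer": "admin", "contributor": "maintainer"}

@dataclass(frozen=True)
class Repo:
    name: str
    is_public: bool

@dataclass(frozen=True)
class RepoRole:
    role: str
    repo: Repo

@dataclass
class User:
    email: str
    repo_roles: list = field(default_factory=list)

def has_role(user, role_name, repo, _seen=None):
    """True if the user holds role_name on repo directly or via an implying role."""
    seen = _seen or set()
    if role_name in seen:  # guard against cyclic role implications
        return False
    seen.add(role_name)
    if any(r.role == role_name and r.repo == repo for r in user.repo_roles):
        return True
    stronger = ROLE_IF_ROLE.get(role_name)
    return stronger is not None and has_role(user, stronger, repo, seen)

def is_allowed(user, action, repo):
    """Deny by default; allow public reads or a role that grants the action."""
    if action == "read" and repo.is_public:
        return True
    needed = PERMISSION_IF_ROLE.get(action)
    return needed is not None and has_role(user, needed, repo)
```

Comparing a decision table built this way against the results of `oso.authorize` helps separate policy-logic errors from problems in how the host classes expose their attributes to the policy.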
  • [python] Allow use of other JSON encoder/decoders

    Thanks for oso!

    It would be lovely if there was a simple way for polar to make use of other, more performant JSON encoder/decoder libraries.

    For example, by monkeypatching the rust-based orjson into polar.(cffi|query|errors), I've observed calls to json.loads pretty much disappearing into noise when profiled with pyinstrument, whereas previously it was rather pronounced.

    opened by bollwyvl 2
  • Fix macro namespacing and serialization bugs

    Though polar_core macros are exposed publicly, they are not usable without importing polar_core::* since they expect other polar_core macros to be in scope. Using $crate references as appropriate fixes this. Also, fix a Value::String string injection bug and Operator::Dot bug causing incorrect serialization when the second argument is a Value::String that requires quotes.

    PR checklist:

    • [x] Added changelog entry.
    opened by onalante-msft 3
  • Update django-oso to use automatic AppConfig discovery for Django 3.2+

    Update django-oso to use automatic AppConfig discovery for Django 3.2+ which avoids RemovedInDjango41Warning: 'django_oso' defines default_app_config = 'django_oso.apps.DjangoOsoConfig'. Django now detects this configuration automatically. You can remove default_app_config. warning. See https://docs.djangoproject.com/en/3.2/releases/3.2/#automatic-appconfig-discovery

    opened by devmonkey22 1
Releases(v0.26.4)
Owner
Oso
Putting security into the hands of developers