{"id":23772,"date":"2019-02-01T12:15:16","date_gmt":"2019-02-01T10:15:16","guid":{"rendered":"https:\/\/www.webcodegeeks.com\/?p=23772"},"modified":"2019-01-31T11:10:37","modified_gmt":"2019-01-31T09:10:37","slug":"opa-http-authorization","status":"publish","type":"post","link":"https:\/\/www.webcodegeeks.com\/python\/opa-http-authorization\/","title":{"rendered":"OPA for HTTP Authorization"},"content":{"rendered":"\n<p>Open Policy Agent[1] is a promising, lightweight and very generic policy engine to govern authorization in any type of domain. I found this comparison[2] very attractive in evaluating OPA for a project I am currently working on, where they demonstrate how OPA can cater for the same functionality defined in RBAC, RBAC with Separation of Duty, ABAC and XACML.<\/p>\n\n\n\n<p>Here are the steps for a brief demonstration of OPA used for HTTP API authorization based on the sample [3], taking it another level up.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Running OPA Server<\/h2>\n\n\n\n<p>First we need to download OPA from [4], based on the operating system we are running on.<\/p>\n\n\n\n<p>For Linux,<\/p>\n\n\n\n<div>\n<div id=\"highlighter_811816\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"py plain\">curl -L -o opa https:<\/code><code class=\"php comments\">\/\/github.com\/open-policy-agent\/opa\/releases\/download\/v0.10.3\/opa_linux_amd64<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>Make it executable,<\/p>\n\n\n\n<div>\n<div id=\"highlighter_543512\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 
alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"py functions\">chmod<\/code> <code class=\"php plain\">755 .\/opa<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>Once done, we can start OPA policy engine as a server.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_955024\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"py plain\">.\/opa run --server<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Define Data and Rules<\/h2>\n\n\n\n<p>Next we need to load data and authorization rules to the server, so it can make decisions. OPA defines these in files in the format of .rego. 
Below is a sample file I used.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_952491\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">01<\/div>\n<div class=\"line number2 index1 alt1\">02<\/div>\n<div class=\"line number3 index2 alt2\">03<\/div>\n<div class=\"line number4 index3 alt1\">04<\/div>\n<div class=\"line number5 index4 alt2\">05<\/div>\n<div class=\"line number6 index5 alt1\">06<\/div>\n<div class=\"line number7 index6 alt2\">07<\/div>\n<div class=\"line number8 index7 alt1\">08<\/div>\n<div class=\"line number9 index8 alt2\">09<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<div class=\"line number18 index17 alt1\">18<\/div>\n<div class=\"line number19 index18 alt2\">19<\/div>\n<div class=\"line number20 index19 alt1\">20<\/div>\n<div class=\"line number21 index20 alt2\">21<\/div>\n<div class=\"line number22 index21 alt1\">22<\/div>\n<div class=\"line number23 index22 alt2\">23<\/div>\n<div class=\"line number24 index23 alt1\">24<\/div>\n<div class=\"line number25 index24 alt2\">25<\/div>\n<div class=\"line number26 index25 alt1\">26<\/div>\n<div class=\"line number27 index26 alt2\">27<\/div>\n<div class=\"line number28 index27 alt1\">28<\/div>\n<div class=\"line number29 index28 alt2\">29<\/div>\n<div class=\"line number30 index29 alt1\">30<\/div>\n<div class=\"line number31 index30 alt2\">31<\/div>\n<div class=\"line number32 index31 alt1\">32<\/div>\n<div class=\"line number33 index32 alt2\">33<\/div>\n<div class=\"line number34 index33 alt1\">34<\/div>\n<div 
class=\"line number35 index34 alt2\">35<\/div>\n<div class=\"line number36 index35 alt1\">36<\/div>\n<div class=\"line number37 index36 alt2\">37<\/div>\n<div class=\"line number38 index37 alt1\">38<\/div>\n<div class=\"line number39 index38 alt2\">39<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"php plain\">package httpapi.authz<\/code><\/div>\n<div class=\"line number2 index1 alt1\">&nbsp;<\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"py plain\">subordinates = {<\/code><code class=\"php string\">\"alice\"<\/code><code class=\"php plain\">: [], <\/code><code class=\"php string\">\"charlie\"<\/code><code class=\"php plain\">: [], <\/code><code class=\"php string\">\"bob\"<\/code><code class=\"php plain\">: [<\/code><code class=\"php string\">\"alice\"<\/code><code class=\"php plain\">], <\/code><code class=\"php string\">\"betty\"<\/code><code class=\"php plain\">: [<\/code><code class=\"php string\">\"charlie\"<\/code><code class=\"php plain\">]}<\/code><\/div>\n<div class=\"line number4 index3 alt1\">&nbsp;<\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"php plain\"># HTTP API request<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"php plain\">import input <\/code><code class=\"php keyword\">as<\/code> <code class=\"php plain\">http_api<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"php plain\"># http_api = {<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"php plain\">#&nbsp;&nbsp; <\/code><code class=\"php string\">\"path\"<\/code><code class=\"php plain\">: [<\/code><code class=\"php string\">\"finance\"<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">\"salary\"<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">\"alice\"<\/code><code class=\"php plain\">],<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"php plain\">#&nbsp;&nbsp; 
<\/code><code class=\"php string\">\"user\"<\/code><code class=\"php plain\">: <\/code><code class=\"php string\">\"alice\"<\/code><code class=\"php plain\">,<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"php plain\">#&nbsp;&nbsp; <\/code><code class=\"php string\">\"method\"<\/code><code class=\"php plain\">: <\/code><code class=\"php string\">\"GET\"<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"php plain\">#&nbsp;&nbsp; <\/code><code class=\"php string\">\"user_agent\"<\/code><code class=\"php plain\">: <\/code><code class=\"php string\">\"cURL\/1.0\"<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"php plain\">#&nbsp;&nbsp; <\/code><code class=\"php string\">\"remote_addr\"<\/code><code class=\"php plain\">: <\/code><code class=\"php string\">\"127.0.0.1\"<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"php plain\"># }<\/code><\/div>\n<div class=\"line number14 index13 alt1\">&nbsp;<\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"php keyword\">default<\/code> <code class=\"php plain\">allow = false<\/code><\/div>\n<div class=\"line number16 index15 alt1\">&nbsp;<\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"php plain\"># Allow users to get their own salaries.<\/code><\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"php plain\">allow {<\/code><\/div>\n<div class=\"line number19 index18 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">http_api.method = <\/code><code class=\"php string\">\"GET\"<\/code><\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">http_api.path = [<\/code><code class=\"php string\">\"finance\"<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">\"salary\"<\/code><code class=\"php plain\">, username]<\/code><\/div>\n<div class=\"line number21 index20 alt2\"><code class=\"php 
spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">username = http_api.user<\/code><\/div>\n<div class=\"line number22 index21 alt1\"><code class=\"php plain\">}<\/code><\/div>\n<div class=\"line number23 index22 alt2\">&nbsp;<\/div>\n<div class=\"line number24 index23 alt1\"><code class=\"php plain\"># Allow managers to get their subordinates' salaries.<\/code><\/div>\n<div class=\"line number25 index24 alt2\"><code class=\"php plain\">allow {<\/code><\/div>\n<div class=\"line number26 index25 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">http_api.method = <\/code><code class=\"php string\">\"GET\"<\/code><\/div>\n<div class=\"line number27 index26 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">http_api.path = [<\/code><code class=\"php string\">\"finance\"<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">\"salary\"<\/code><code class=\"php plain\">, username]<\/code><\/div>\n<div class=\"line number28 index27 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">subordinates[http_api.user][_] = username<\/code><\/div>\n<div class=\"line number29 index28 alt2\"><code class=\"php plain\">}<\/code><\/div>\n<div class=\"line number30 index29 alt1\">&nbsp;<\/div>\n<div class=\"line number31 index30 alt2\"><code class=\"php plain\"># Allow managers to edit their subordinates' salaries only <\/code><code class=\"php keyword\">if<\/code> <code class=\"php plain\">the request came<\/code><\/div>\n<div class=\"line number32 index31 alt1\"><code class=\"php plain\"># from user agent cURL <\/code><code class=\"php keyword\">and<\/code> <code class=\"php plain\">address 127.0.0.1.<\/code><\/div>\n<div class=\"line number33 index32 alt2\"><code class=\"php plain\">allow {<\/code><\/div>\n<div class=\"line number34 index33 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">http_api.method = <\/code><code class=\"php 
string\">\"POST\"<\/code><\/div>\n<div class=\"line number35 index34 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">http_api.path = [<\/code><code class=\"php string\">\"finance\"<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">\"salary\"<\/code><code class=\"php plain\">, username]<\/code><\/div>\n<div class=\"line number36 index35 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">subordinates[http_api.user][_] = username<\/code><\/div>\n<div class=\"line number37 index36 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">http_api.remote_addr = <\/code><code class=\"php string\">\"127.0.0.1\"<\/code><\/div>\n<div class=\"line number38 index37 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;<\/code><code class=\"php plain\">http_api.user_agent = <\/code><code class=\"php string\">\"curl\/7.47.0\"<\/code><\/div>\n<div class=\"line number39 index38 alt2\"><code class=\"php plain\">}<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>At first it defines a data set, which represents the relationship subordinates. For example as per this dataset, alice is a subordinate of bob. 
Then it defines 3 rules that each yield an &#8216;allow&#8217; decision.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>If a user tries to get their own salary, it is allowed.<\/li><li>If a user tries to get the salary of a subordinate, it is allowed.<\/li><li>If a user tries to modify a salary, it is allowed only if the salary is that of a subordinate and the request is initiated from remote address &#8216;127.0.0.1&#8217; with user agent &#8216;curl\/7.47.0&#8217;.<\/li><\/ul>\n\n\n\n<p>To load this policy into the OPA engine we use the call below.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_12996\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"py plain\">curl -X PUT --data-binary @salary-example.rego localhost:8181\/v1\/policies\/example<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>The policy above is stored in a file named &#8216;salary-example.rego&#8217;, which is referenced in the command above.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Evaluate at API Invocation<\/h2>\n\n\n\n<p>Below is a sample API implementation in Python that consults the OPA engine to decide whether to provide a response or deny the request as unauthorized.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_663960\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">01<\/div>\n<div class=\"line number2 index1 alt1\">02<\/div>\n<div class=\"line number3 index2 alt2\">03<\/div>\n<div class=\"line number4 index3 alt1\">04<\/div>\n<div class=\"line number5 index4 alt2\">05<\/div>\n<div class=\"line number6 index5 alt1\">06<\/div>\n<div class=\"line number7 index6 alt2\">07<\/div>\n<div class=\"line number8 index7 alt1\">08<\/div>\n<div 
class=\"line number9 index8 alt2\">09<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<div class=\"line number18 index17 alt1\">18<\/div>\n<div class=\"line number19 index18 alt2\">19<\/div>\n<div class=\"line number20 index19 alt1\">20<\/div>\n<div class=\"line number21 index20 alt2\">21<\/div>\n<div class=\"line number22 index21 alt1\">22<\/div>\n<div class=\"line number23 index22 alt2\">23<\/div>\n<div class=\"line number24 index23 alt1\">24<\/div>\n<div class=\"line number25 index24 alt2\">25<\/div>\n<div class=\"line number26 index25 alt1\">26<\/div>\n<div class=\"line number27 index26 alt2\">27<\/div>\n<div class=\"line number28 index27 alt1\">28<\/div>\n<div class=\"line number29 index28 alt2\">29<\/div>\n<div class=\"line number30 index29 alt1\">30<\/div>\n<div class=\"line number31 index30 alt2\">31<\/div>\n<div class=\"line number32 index31 alt1\">32<\/div>\n<div class=\"line number33 index32 alt2\">33<\/div>\n<div class=\"line number34 index33 alt1\">34<\/div>\n<div class=\"line number35 index34 alt2\">35<\/div>\n<div class=\"line number36 index35 alt1\">36<\/div>\n<div class=\"line number37 index36 alt2\">37<\/div>\n<div class=\"line number38 index37 alt1\">38<\/div>\n<div class=\"line number39 index38 alt2\">39<\/div>\n<div class=\"line number40 index39 alt1\">40<\/div>\n<div class=\"line number41 index40 alt2\">41<\/div>\n<div class=\"line number42 index41 alt1\">42<\/div>\n<div class=\"line number43 index42 alt2\">43<\/div>\n<div class=\"line number44 index43 alt1\">44<\/div>\n<div class=\"line number45 index44 alt2\">45<\/div>\n<div class=\"line number46 index45 
alt1\">46<\/div>\n<div class=\"line number47 index46 alt2\">47<\/div>\n<div class=\"line number48 index47 alt1\">48<\/div>\n<div class=\"line number49 index48 alt2\">49<\/div>\n<div class=\"line number50 index49 alt1\">50<\/div>\n<div class=\"line number51 index50 alt2\">51<\/div>\n<div class=\"line number52 index51 alt1\">52<\/div>\n<div class=\"line number53 index52 alt2\">53<\/div>\n<div class=\"line number54 index53 alt1\">54<\/div>\n<div class=\"line number55 index54 alt2\">55<\/div>\n<div class=\"line number56 index55 alt1\">56<\/div>\n<div class=\"line number57 index56 alt2\">57<\/div>\n<div class=\"line number58 index57 alt1\">58<\/div>\n<div class=\"line number59 index58 alt2\">59<\/div>\n<div class=\"line number60 index59 alt1\">60<\/div>\n<div class=\"line number61 index60 alt2\">61<\/div>\n<div class=\"line number62 index61 alt1\">62<\/div>\n<div class=\"line number63 index62 alt2\">63<\/div>\n<div class=\"line number64 index63 alt1\">64<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"py plain\">#!\/usr\/bin\/env python<\/code><\/div>\n<div class=\"line number2 index1 alt1\">&nbsp;<\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"php plain\">import base64<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"php plain\">import os<\/code><\/div>\n<div class=\"line number5 index4 alt2\">&nbsp;<\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"php plain\">from flask import Flask<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"php plain\">from flask import request<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"php plain\">import json<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"php plain\">import requests<\/code><\/div>\n<div class=\"line number10 index9 alt1\">&nbsp;<\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"php plain\">import logging<\/code><\/div>\n<div 
class=\"line number12 index11 alt1\"><code class=\"php plain\">import sys<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"php plain\">logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)<\/code><\/div>\n<div class=\"line number14 index13 alt1\">&nbsp;<\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"php plain\">app = Flask(__name__)<\/code><\/div>\n<div class=\"line number16 index15 alt1\">&nbsp;<\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"php plain\">opa_url = os.environ.get(<\/code><code class=\"php string\">\"OPA_ADDR\"<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">\"<a href=\"http:\/\/localhost:8181\">http:\/\/localhost:8181<\/a>\"<\/code><code class=\"php plain\">)<\/code><\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"php plain\">policy_path = os.environ.get(<\/code><code class=\"php string\">\"POLICY_PATH\"<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">\"\/v1\/data\/httpapi\/authz\"<\/code><code class=\"php plain\">)<\/code><\/div>\n<div class=\"line number19 index18 alt2\">&nbsp;<\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"php plain\">def check_auth(url, user, method, user_agent, remote_addr,url_as_array, token):<\/code><\/div>\n<div class=\"line number21 index20 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">input_dict = {<\/code><code class=\"php string\">\"input\"<\/code><code class=\"php plain\">: {<\/code><\/div>\n<div class=\"line number22 index21 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php string\">\"user\"<\/code><code class=\"php plain\">: user,<\/code><\/div>\n<div class=\"line number23 index22 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php string\">\"path\"<\/code><code class=\"php plain\">: url_as_array,<\/code><\/div>\n<div 
class=\"line number24 index23 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php string\">\"method\"<\/code><code class=\"php plain\">: method,<\/code><\/div>\n<div class=\"line number25 index24 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php string\">\"user_agent\"<\/code><code class=\"php plain\">: user_agent,<\/code><\/div>\n<div class=\"line number26 index25 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php string\">\"remote_addr\"<\/code><code class=\"php plain\">: remote_addr<\/code><\/div>\n<div class=\"line number27 index26 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">}}<\/code><\/div>\n<div class=\"line number28 index27 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">if<\/code> <code class=\"php plain\">token is not None:<\/code><\/div>\n<div class=\"line number29 index28 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">input_dict[<\/code><code class=\"php string\">\"input\"<\/code><code class=\"php plain\">][<\/code><code class=\"php string\">\"token\"<\/code><code class=\"php plain\">] = token<\/code><\/div>\n<div class=\"line number30 index29 alt1\">&nbsp;<\/div>\n<div class=\"line number31 index30 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">logging.info(<\/code><code class=\"php string\">\"Checking auth...\"<\/code><code class=\"php plain\">)<\/code><\/div>\n<div class=\"line number32 index31 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">logging.info(json.dumps(input_dict, indent=2))<\/code><\/div>\n<div class=\"line number33 index32 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">try<\/code><code class=\"php 
plain\">:<\/code><\/div>\n<div class=\"line number34 index33 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">rsp = requests.post(url, data=json.dumps(input_dict))<\/code><\/div>\n<div class=\"line number35 index34 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">except Exception <\/code><code class=\"php keyword\">as<\/code> <code class=\"php plain\">err:<\/code><\/div>\n<div class=\"line number36 index35 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">logging.info(err)<\/code><\/div>\n<div class=\"line number37 index36 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">return<\/code> <code class=\"php plain\">{}<\/code><\/div>\n<div class=\"line number38 index37 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">if<\/code> <code class=\"php plain\">rsp.status_code &gt;= 300:<\/code><\/div>\n<div class=\"line number39 index38 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">logging.info(<\/code><code class=\"php string\">\"Error checking auth, got status %s and message: %s\"<\/code> <code class=\"php plain\">% (rsp.status_code, rsp.text))<\/code><\/div>\n<div class=\"line number40 index39 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">return<\/code> <code class=\"php plain\">{}<\/code><\/div>\n<div class=\"line number41 index40 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">j = rsp.json()<\/code><\/div>\n<div class=\"line number42 index41 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">logging.info(<\/code><code class=\"php string\">\"Auth 
response:\"<\/code><code class=\"php plain\">)<\/code><\/div>\n<div class=\"line number43 index42 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">logging.info(json.dumps(j, indent=2))<\/code><\/div>\n<div class=\"line number44 index43 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">return<\/code> <code class=\"php plain\">j<\/code><\/div>\n<div class=\"line number45 index44 alt2\">&nbsp;<\/div>\n<div class=\"line number46 index45 alt1\"><code class=\"php plain\">@app.route(<\/code><code class=\"php string\">'\/'<\/code><code class=\"php plain\">, defaults={<\/code><code class=\"php string\">'path'<\/code><code class=\"php plain\">: <\/code><code class=\"php string\">''<\/code><code class=\"php plain\">}, methods = [<\/code><code class=\"php string\">'GET'<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">'POST'<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">'DELETE'<\/code><code class=\"php plain\">])<\/code><\/div>\n<div class=\"line number47 index46 alt2\"><code class=\"php plain\">@app.route(<\/code><code class=\"php string\">'\/&lt;path:path&gt;'<\/code><code class=\"php plain\">, methods = [<\/code><code class=\"php string\">'GET'<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">'POST'<\/code><code class=\"php plain\">])<\/code><\/div>\n<div class=\"line number48 index47 alt1\"><code class=\"php plain\">def root(path):<\/code><\/div>\n<div class=\"line number49 index48 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">user_encoded = request.headers.get(<\/code><code class=\"php string\">'Authorization'<\/code><code class=\"php plain\">, <\/code><code class=\"php string\">\"Anonymous:none\"<\/code><code class=\"php plain\">)<\/code><\/div>\n<div class=\"line number50 index49 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php 
plain\">logging.info(<\/code><code class=\"php string\">\"User Agent: %s\"<\/code> <code class=\"php plain\">% request.user_agent.string)<\/code><\/div>\n<div class=\"line number51 index50 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">logging.info(<\/code><code class=\"php string\">\"Remote Address: %s\"<\/code> <code class=\"php plain\">% request.remote_addr)<\/code><\/div>\n<div class=\"line number52 index51 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">if<\/code> <code class=\"php plain\">user_encoded:<\/code><\/div>\n<div class=\"line number53 index52 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">user_encoded = user_encoded.split(<\/code><code class=\"php string\">\"Basic \"<\/code><code class=\"php plain\">)[1]<\/code><\/div>\n<div class=\"line number54 index53 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">user, _ = base64.b64decode(user_encoded).decode(<\/code><code class=\"php string\">\"utf-8\"<\/code><code class=\"php plain\">).split(<\/code><code class=\"php string\">\":\"<\/code><code class=\"php plain\">)<\/code><\/div>\n<div class=\"line number55 index54 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">url = opa_url + policy_path<\/code><\/div>\n<div class=\"line number56 index55 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">path_as_array = path.split(<\/code><code class=\"php string\">\"\/\"<\/code><code class=\"php plain\">)<\/code><\/div>\n<div class=\"line number57 index56 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">token = request.args[<\/code><code class=\"php string\">\"token\"<\/code><code class=\"php plain\">] <\/code><code class=\"php keyword\">if<\/code> <code class=\"php string\">\"token\"<\/code> 
<code class=\"php plain\">in request.args <\/code><code class=\"php keyword\">else<\/code> <code class=\"php plain\">None<\/code><\/div>\n<div class=\"line number58 index57 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">j = check_auth(url, user, request.method, request.user_agent.string, request.remote_addr, path_as_array, token).get(<\/code><code class=\"php string\">\"result\"<\/code><code class=\"php plain\">, {})<\/code><\/div>\n<div class=\"line number59 index58 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">if<\/code> <code class=\"php plain\">j.get(<\/code><code class=\"php string\">\"allow\"<\/code><code class=\"php plain\">, False) == True:<\/code><\/div>\n<div class=\"line number60 index59 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">return<\/code> <code class=\"php string\">\"Success: user %s is authorized \\n\"<\/code> <code class=\"php plain\">% user<\/code><\/div>\n<div class=\"line number61 index60 alt2\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php keyword\">return<\/code> <code class=\"php string\">\"Error: user %s is not authorized to %s url \/%s \\n\"<\/code> <code class=\"php plain\">% (user, request.method, path)<\/code><\/div>\n<div class=\"line number62 index61 alt1\">&nbsp;<\/div>\n<div class=\"line number63 index62 alt2\"><code class=\"php keyword\">if<\/code> <code class=\"php plain\">__name__ == <\/code><code class=\"php string\">\"__main__\"<\/code><code class=\"php plain\">:<\/code><\/div>\n<div class=\"line number64 index63 alt1\"><code class=\"php spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"php plain\">app.run()<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>The function &#8216;check_auth&#8217; is responsible for retrieving the decision from the OPA engine, providing the input details required 
for authorization. Run the above Python script with the command below. It uses the Python modules &#8216;flask&#8217; and &#8216;requests&#8217;.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_605910\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"php plain\">python echo_server.py<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>Now we can call the API served by this Python server and see the authorization policy in action.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_270164\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"php plain\">curl --user alice:password localhost:5000\/finance\/salary\/alice<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>The above is allowed based on the 1st rule: a user trying to read their own salary.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_484656\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"php plain\">curl --user bob:password localhost:5000\/finance\/salary\/alice<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>The above is allowed based on the 2nd rule: a user trying to read the salary of a subordinate.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_530973\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" 
cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"php plain\">curl -X POST -d <\/code><code class=\"php string\">\"empoyeeID=100&amp;value=2000\"<\/code> <code class=\"php plain\">--user bob:password localhost:5000\/finance\/salary\/alice<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>This is allowed by the 3rd rule, provided the user agent also matches the exact cURL client version we have defined in the policy.<\/p>\n\n\n\n<div>\n<div id=\"highlighter_918969\" class=\"syntaxhighlighter  php\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"php plain\">curl -X POST -d <\/code><code class=\"php string\">\"empoyeeID=100&amp;value=2000\"<\/code> <code class=\"php plain\">--user alice:password localhost:5000\/finance\/salary\/alice<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>Even though the previous request allowed bob to edit alice&#8217;s salary, the above request fails, because under the defined rule a user cannot modify their own salary.<\/p>\n\n\n\n<p>This was a good exercise for understanding the power and behavior of OPA, which I enjoyed. Hope you did too. 
Cheers!<\/p>\n\n\n\n<p>[1] &#8211;<a href=\"https:\/\/www.openpolicyagent.org\/\">https:\/\/www.openpolicyagent.org<\/a><br><br>[2] &#8211;<a href=\"https:\/\/www.openpolicyagent.org\/docs\/comparison-to-other-systems.html\">https:\/\/www.openpolicyagent.org\/docs\/comparison-to-other-systems.html<\/a><br><br>[3] &#8211;<a href=\"https:\/\/www.openpolicyagent.org\/docs\/http-api-authorization.html\">https:\/\/www.openpolicyagent.org\/docs\/http-api-authorization.html<\/a><br><br>[4] &#8211;<a href=\"https:\/\/github.com\/open-policy-agent\/opa\/releases\">https:\/\/github.com\/open-policy-agent\/opa\/releases<\/a><\/p>\n\n\n\n<div class=\"attribution\">\n<table>\n<tbody>\n<tr>\n<td>\n<p>Published on Web Code Geeks with permission by Pushpalanka, partner at our <a href=\"\/\/www.webcodegeeks.com\/join-us\/wcg\/\" target=\"_blank\" rel=\"noopener\">WCG program<\/a>. See the original article here: <a href=\"http:\/\/pushpalankajaya.blogspot.com\/2019\/01\/opa-for-http-authorization.html\" target=\"_blank\" rel=\"noopener\">OPA for HTTP Authorization<\/a><\/p>\n<p>Opinions expressed by Web Code Geeks contributors are their own.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"author":11268,"featured_media":1651,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[53],"tags":[556],"class_list":["post-23772","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-python","tag-rest-api"]}