Examples of using Open Policy Agent (OPA) with the segrax/open-policy-agent library on PHP 7.3.
These examples are pre-configured to work out of the box and contain insecure JWTs / secret-key and must never be reused for any purpose.
The API is setup for xdebug including working @code configuration.
All Examples make use of docker-compose, and executing the steps below will launch multiple contains.
For a walkthrough using these examples please see this tutorial
- Plain PHP usage of client
- Slim 4 Skeleton API with policy authorization
This example can be used for making queries to an instance of OPA.
cd plain
make composer-install
make test
This example demonstrates how to invoke a policy for making a decision on access to a route.
cd slim4-api
make start
The containers will now build and be started, by default the API will be listening on port 80. This example serves up policies in a bundle to the running OPA using the Distributor PSR-15 middleware that is included in segrax/open-policy-agent.
A Postman collection is included inside slim4-api, import it and test both endpoints.
This is the policy for the included example endpoint.
package slim.api
default allow = false
# OPA Bundle
allow {
input.path = ["opa", "bundles", "{name}"]
input.token.sub == "opa"
}
# Allow a user to access their own private end point
allow {
input.method == "GET"
input.path = ["welcome", userid ]
userid == input.token.sub
}
# Allow anyone (including unauthed) access to the public endpoint
allow {
input.path = ["public"]
input.method == "GET"
}