import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';
Get Decision
package main
import (
"context"
"log"
authorizationv2 "github.com/opentdf/platform/protocol/go/authorization/v2"
"github.com/opentdf/platform/protocol/go/entity"
"github.com/opentdf/platform/protocol/go/policy"
"github.com/opentdf/platform/sdk"
)
func main() {
platformEndpoint := "http://localhost:8080"
// Create a new client
client, err := sdk.New(
platformEndpoint,
sdk.WithClientCredentials("opentdf", "secret", nil),
)
if err != nil {
log.Fatal(err)
}
// Get Decision using v2 API
decisionReq := &authorizationv2.GetDecisionRequest{
EntityIdentifier: &authorizationv2.EntityIdentifier{
Identifier: &authorizationv2.EntityIdentifier_EntityChain{
EntityChain: &entity.EntityChain{
Entities: []*entity.Entity{
{
EphemeralId: "entity-1",
EntityType: &entity.Entity_ClientId{
ClientId: "opentdf",
},
},
},
},
},
},
Action: &policy.Action{
Name: "decrypt",
},
Resource: &authorizationv2.Resource{
Resource: &authorizationv2.Resource_AttributeValues_{
AttributeValues: &authorizationv2.Resource_AttributeValues{
Fqns: []string{"https://opentdf.io/attr/role/value/developer"},
},
},
},
}
decision, err := client.AuthorizationV2.GetDecision(context.Background(), decisionReq)
if err != nil {
log.Fatal(err)
}
decisionResult := decision.GetDecision()
log.Printf("Decision: %v", decisionResult.GetDecision())
if decisionResult.GetDecision() == authorizationv2.Decision_DECISION_PERMIT {
log.Printf("✓ Access GRANTED")
// Note: ResourceDecision doesn't have obligations in v2 API
}
}package main
import (
"context"
"log"
"github.com/opentdf/platform/protocol/go/authorization"
"github.com/opentdf/platform/protocol/go/policy"
"github.com/opentdf/platform/sdk"
)
func main() {
platformEndpoint := "http://localhost:8080"
// Create a new client
client, err := sdk.New(
platformEndpoint,
sdk.WithClientCredentials("opentdf", "secret", nil),
)
if err != nil {
log.Fatal(err)
}
// Get Decision using v1 API (bulk decisions)
decisionRequests := []*authorization.DecisionRequest{{
Actions: []*policy.Action{{
Name: "decrypt",
}},
EntityChains: []*authorization.EntityChain{{
Id: "ec1",
Entities: []*authorization.Entity{{
EntityType: &authorization.Entity_ClientId{
ClientId: "opentdf",
},
Category: authorization.Entity_CATEGORY_SUBJECT,
}},
}},
ResourceAttributes: []*authorization.ResourceAttribute{{
AttributeValueFqns: []string{"https://opentdf.io/attr/role/value/developer"},
}},
}}
decisionRequest := &authorization.GetDecisionsRequest{
DecisionRequests: decisionRequests,
}
decisionResponse, err := client.Authorization.GetDecisions(context.Background(), decisionRequest)
if err != nil {
log.Fatal(err)
}
for _, dr := range decisionResponse.GetDecisionResponses() {
log.Printf("Decision for entity chain %s: %v", dr.GetEntityChainId(), dr.GetDecision())
if dr.GetDecision() == authorization.DecisionResponse_DECISION_PERMIT {
log.Printf("✓ Access GRANTED")
if len(dr.GetObligations()) > 0 {
log.Printf("Obligations: %v", dr.GetObligations())
}
}
}
}package io.opentdf.platform;
import io.opentdf.platform.sdk.*;
import java.util.concurrent.ExecutionException;
import io.opentdf.platform.authorization.*;
import io.opentdf.platform.entity.*;
import io.opentdf.platform.policy.*;
public class GetDecision {
public static void main(String[] args) throws ExecutionException, InterruptedException{
String clientId = "opentdf";
String clientSecret = "secret";
String platformEndpoint = "http://localhost:8080";
SDKBuilder builder = new SDKBuilder();
SDK sdk = builder.platformEndpoint(platformEndpoint)
.clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true)
.build();
// Get Decision using v2 API
GetDecisionRequest request = GetDecisionRequest.newBuilder()
.setEntityIdentifier(
EntityIdentifier.newBuilder()
.setEntityChain(
EntityChain.newBuilder()
.addEntities(
Entity.newBuilder()
.setId("entity-1")
.setClientId("opentdf")
)
)
)
.setAction(
Action.newBuilder()
.setName("decrypt")
)
.setResource(
Resource.newBuilder()
.setAttributeValues(
Resource.AttributeValues.newBuilder()
.addFqns("https://opentdf.io/attr/role/value/developer")
)
)
.build();
GetDecisionResponse resp = sdk.getServices().authorization().getDecision(request).get();
Decision decision = resp.getDecision();
System.out.println("Decision: " + decision.getDecision());
if (decision.getDecision() == Decision.DECISION_PERMIT && decision.getObligationsCount() > 0) {
System.out.println("Obligations: " + decision.getObligationsList());
}
}
}import {
DecisionResponse_Decision,
Entity_Category,
type GetDecisionsResponse,
} from "@opentdf/sdk/platform/authorization/authorization_pb.js";
import { platformConnect, PlatformClient } from "@opentdf/sdk/platform";
async function main() {
const platformUrl = "http://localhost:8080";
// Assume you have an existing access token
const accessToken = "your-refresh-token-here";
const interceptor: platformConnect.Interceptor = (next) => async (req) => {
req.header.set("Authorization", `Bearer ${accessToken}`);
return next(req);
};
const platformClient = new PlatformClient({
platformUrl: platformUrl,
interceptors: [interceptor],
});
// Get Decision using v1 API (bulk decisions)
try {
const response = (await platformClient.v1.authorization.getDecisions({
decisionRequests: [
{
entityChains: [
{
id: "ec1",
entities: [
{
id: "entity-1",
entityType: {
case: "clientId",
value: "opentdf",
},
category: Entity_Category.SUBJECT,
},
],
},
],
actions: [
{
name: "decrypt",
},
],
resourceAttributes: [
{
resourceAttributesId: "resource-1",
attributeValueFqns: [
"https://opentdf.io/attr/role/value/developer",
],
},
],
},
],
})) as GetDecisionsResponse;
response.decisionResponses.forEach((decision) => {
console.log("Decision:", decision.decision);
if (
decision.decision === DecisionResponse_Decision.PERMIT &&
decision.obligations?.length > 0
) {
console.log("Obligations:", decision.obligations);
}
});
} catch (error) {
console.error("Error:", error);
}
}
main();