OptionalauxData?: Pick<AuxData, "jwt">Auxiliary data related to the principal.
You can read claims directly from a JWT in your authorization policies by configuring the Cerbos policy decision point (PDP) service or an embedded PDP client to decode the token.
Your application's component tree.
The Cerbos client to provide.
The principal to check.
The provider should be placed close to the root of your application.
You need to provide a principal, but it can describe an anonymous user so that you can perform permission checks for unauthenticated users. You could use a single hardcoded ID for all anonymous users, or store a unique identifier in the session.
You can use whichever of the HTTP or embedded client libraries best fit your needs.
import { Embedded as Cerbos } from "@cerbos/embedded";
* // or, import { HTTP as Cerbos } from "@cerbos/http";
import { CerbosProvider } from "@cerbos/react";
// Initialize the Cerbos client using any of the client libraries
// that fit the needs of your application. In this example we are
// using the client from `@cerbos/embedded`.
const client = new Cerbos();
function MyApp({ children }) {
const user = useYourAuthenticationLogic(...);
return (
<CerbosProvider
client={client}
principal={
user
? {
id: user.id,
roles: user.roles,
}
: {
// Define an arbitrary ID for unauthenticated users.
id: "###ANONYMOUS_USER###",
// Define a role that represents unauthenticated users (at least one is required).
roles: ["anonymous"],
}
}
>
{children}
</CerbosProvider>
);
}
A component to provide a Cerbos client to your application's components.