Iterative Adoption of Oso Cloud
This guide presents an iterative, local-first approach to replacing your home-grown authorization code with Oso Cloud. This approach is based on our experience working directly with our customers as they integrate Oso Cloud. After reading the guide, you'll know how to:
- Extract home-grown authorization logic from your application code
- Convert home-grown authorization logic to Polar
- Evaluate authorization requests with Oso Cloud SDKs
- Simplify data management with a no-synchronization approach
- Minimize disruption by upgrading in small, repeated steps
Intended reader
This guide is for engineers who know Oso Cloud well enough to have concluded that it is likely to meet their needs and who are ready to try it out in their own application. You may not be ready to buy yet, but you should at least be interested in a POC-level evaluation. If you've reached that point and are looking for guidance on adding Oso Cloud to your application quickly and efficiently, then this guide is for you.
Assumptions
This guide will review core concepts, but will not treat them in depth. Its focus is instead on defining a local-first, best-practices approach to adding Oso Cloud to your application by making effective use of those concepts. In particular, the guide assumes that you understand:
- How Oso Cloud evaluates authorization requests
- How Oso Cloud represents authorization logic using Polar
- How Oso Cloud represents authorization data using facts
- Querying facts using wildcard notation
- Sending authorization data to Oso Cloud at request time using context facts
The guide will link to the relevant docs as you encounter each of these concepts, but if this is your first time approaching any of them, you may find that it moves too quickly.
Outcomes
After converting from inline authorization code to Oso Cloud, you can expect the following benefits:
- Your authorization logic is explicit
- Your authorization code is easier to test and safer to modify
- Your development team spends less time on authorization and more time on differentiating functionality
Keep these outcomes in mind as you integrate Oso Cloud. They'll help you to ensure that you're deriving tangible benefits from adopting Oso Cloud. The process we describe below is designed to let you realize these benefits as quickly as possible.
The process
The samples throughout this walkthrough are written in TypeScript. Oso provides client libraries for many popular languages, so the techniques described here will likely apply to your application. The syntax may differ depending on the library you use.
You'll follow these steps as you implement Oso Cloud:
- Extract a small piece of authorization logic to a dedicated location
- Implement that logic in Polar
- Use an Oso SDK to evaluate the Polar logic alongside your existing authorization code
- Send data to Oso Cloud as context facts
- Replace the context facts with data fetched from your application database
- Replace your existing authorization code with a call to Oso Cloud
First, let's extract a piece of authorization logic for refactoring.