
Protecting Applications and APIs with Policies Using Dynamic Scopes

Instructions on how to configure a policy verifying dynamic scopes and use them as an authorization asset.

SecureAuth policies can check scopes by their explicit names, and that approach now has a dynamic variation: you can define policies using dynamic scopes. For more information on dynamic scopes, see Configure Dynamic Scopes.

Purpose

Define your policies more efficiently with the use of dynamic scopes.

Prerequisites

  • You have login credentials to the SecureAuth administrator portal.

  • You have a dynamic scope defined in the SecureAuth administrator portal.

Create Policy

SecureAuth Policy

  1. Create a SecureAuth policy as explained in Create Policy.

  2. In the policy editor, select + to add a validator.

  3. In the Add new validator view, select the Attributes validator.

  4. In the Attributes view, select ADD FIELD.

  5. In the Cross context condition editor, expand the Source dropdown menu.

  6. From the Source dropdown menu, select Scopes.

  7. In the Cross context condition editor, expand the Field / Attribute dropdown menu.

  8. From the Field / Attribute dropdown menu, select a dynamic-scope attribute, for example, get user.

  9. In the Cross context condition editor, expand the Parameter dropdown menu.

  10. From the Parameter dropdown menu, select a parameter value pattern, for example, params.0.

  11. Select an operator (for example, equals) to establish the relationship between the source and the target (the two building blocks of your scope definition).

  12. In the Cross context condition editor, expand the Target dropdown menu.

  13. From the Target dropdown menu, select a data target context, for example, Custom value.

  14. Specify the value for your target argument (for example, 1) in the field provided.

  15. Select SAVE to proceed.

  16. In the Attributes view, select the OK icon to complete the validator setup.

  17. In the policy editor, select SAVE to proceed.

    Result: Your SecureAuth policy using a dynamic scope is ready.
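
The validator configured in steps 5 to 14 (Source = Scopes, Parameter = params.0, operator equals, Custom value = 1) can be modeled as below. This is an added example, not SecureAuth code: the `user.*` scope, the prefix-plus-`*` pattern syntax, the `.` parameter separator, the "one matching instance is enough" rule and all function names are assumptions made for illustration.

```python
# Added illustration: models the validator's check; it is not SecureAuth code.
# Assumptions: a dynamic scope is a literal prefix ending in "*" (the
# hypothetical "user.*"), and the text matched by "*" is split on "." into
# params.0, params.1, ...

def scope_params(pattern, granted):
    """Return the params of `granted` if it is an instance of `pattern`, else None."""
    if not pattern.endswith("*"):
        return None                       # not a dynamic scope pattern
    prefix = pattern[:-1]
    if not granted.startswith(prefix):
        return None
    params = granted[len(prefix):].split(".")
    if "" in params or "*" in params:
        return None                       # empty or wildcard value is not concrete
    return params

def validator_allows(granted_scopes, pattern, index, target):
    """Source=Scopes, Field=pattern, Parameter=params.<index>, equals, Custom value.

    Fails closed: no granted instance, or no params.<index>, means deny.
    Assumed semantics: one matching instance is enough.
    """
    target = str(target)                  # compare as strings: "1" != "10" != "01"
    for scope in granted_scopes:
        params = scope_params(pattern, scope)
        if params is not None and index < len(params) and params[index] == target:
            return True
    return False

# Constructed scope grants, as they might appear in an access token.
SAMPLES = {
    "exact":      ["openid", "user.1"],
    "other_user": ["openid", "user.2"],
    "no_scope":   ["openid"],
    "wildcard":   ["user.*"],
    "lookalike":  ["users.1", "user.10"],
    "two_grants": ["user.2", "user.1"],
}

if __name__ == "__main__":
    for name, scopes in SAMPLES.items():
        print(name, validator_allows(scopes, "user.*", 0, 1))
```

Under these assumptions the `two_grants` sample passes: the check confirms that the token carries the scope for value 1, not that it carries only that value.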

Rego Policy

  1. Create a Rego policy as explained in Create REGO Policy.

    The policy editor opens and allows you to configure your policy in two ways:

    • Entering your code manually (1)

    • Selecting the predefined policy template OAuth Dynamic Scope check (2)

    Note

    For the purposes of this article, the OAuth Dynamic Scope check template is used.

  2. In the policy editor, select the predefined policy template OAuth Dynamic Scope check.

  3. Select YES to confirm that you want to import the example policy.

    Result: The Definition view of the policy editor is populated with sample code that uses the dynamic scope syntax. Now it is your turn to modify the variables and parameters so that the policy addresses your specific scopes.

  4. In the Definition view of the policy editor, modify the sample code to include your dynamic scope data.

  5. Select SAVE to finalize your policy.

    Result: Your Rego policy using a dynamic scope is ready.