Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate Biscuits into x/did Module #1158

Open
3 tasks
prnk28 opened this issue Oct 30, 2024 · 0 comments
Open
3 tasks

Integrate Biscuits into x/did Module #1158

prnk28 opened this issue Oct 30, 2024 · 0 comments
Assignees
@prnk28
Labels
#OKR Core Team - Project Management #TODO Core Team - Project Management
Milestone
v0.6

Comments

@prnk28
Copy link
Contributor

prnk28 commented Oct 30, 2024
edited
Loading

Tasks

Description

Biscuit is an authorization framework that allows for secure and flexible token-based access control. Create state transition implementation for Biscuit based Resource Authorization.

Associated Files

  • proto/did
  • x/did

Sequences

1. Installation To use Biscuit in a Golang project, you need to install the `biscuit-go` package. This can be done using the following command: ```sh go get github.com/biscuit-auth/biscuit-go/v2 ```
2. Creating a Biscuit - **Generate Keys**: First, generate a public and private key pair using Ed25519. ```go publicRoot, privateRoot, _ := ed25519.GenerateKey(rand.Reader) ``` - **Create a Biscuit Builder**: Use the private key to create a Biscuit builder. ```go builder := biscuit.NewBuilder(privateRoot) ``` - **Add Facts and Rules**: Add facts and rules to the builder. Facts are data or truths, and rules can generate new facts based on existing ones. ```go authority, err := parser.FromStringBlockWithParams(`right("/a/file1.txt", {read}); right("/a/file1.txt", {write});`, map[string]biscuit.Term{"read": biscuit.String("read"), "write": biscuit.String("write")}) builder.AddBlock(authority) ``` - **Build the Biscuit**: Build the Biscuit and serialize it to a token. ```go b, err := builder.Build() token, err := b.Serialize() ```
3. Validating a Biscuit - **Deserialize the Token**: Deserialize the token back to a Biscuit. ```go b, err := biscuit.Unmarshal(token) ``` - **Create an Authorizer**: Create an authorizer to validate the Biscuit against a set of rules and facts. ```go check1, err := parser.FromStringCheck(`check if operation("create")`) blockBuilder := b.CreateBlock() blockBuilder.AddCheck(check1) attenuatedToken, err := b.Append(rand.Reader, blockBuilder.Build()) ```
4. Attenuation 
 - **Append New Blocks**: You can attenuate the Biscuit by appending new blocks to it, which can add additional checks or rules.
 ```go
 block, err := parser.FromStringBlockWithParams(`check if resource($file), operation($permission), [{read}].contains($permission);`, map[string]biscuit.Term{"read": biscuit.String("read")})
 blockBuilder.AddBlock(block)
 attenuatedBiscuit, err := b.Append(rand.Reader, blockBuilder.Build())
 ```

Example Code:

Here’s a simplified example of creating and validating a Biscuit:

package main

import (
    "crypto/rand"
    "crypto/ed25519"
    "encoding/base64"
    "fmt"
    "github.com/biscuit-auth/biscuit-go/v2"
    "github.com/biscuit-auth/biscuit-go/v2/parser"
)

func main() {
    publicRoot, privateRoot, _ := ed25519.GenerateKey(rand.Reader)
    builder := biscuit.NewBuilder(privateRoot)
    authority, err := parser.FromStringBlockWithParams(`right("/a/file1.txt", {read}); right("/a/file1.txt", {write});`, map[string]biscuit.Term{"read": biscuit.String("read"), "write": biscuit.String("write")})
    if err != nil {
        panic(err)
    }
    builder.AddBlock(authority)
    b, err := builder.Build()
    if err != nil {
        panic(err)
    }
    token, err := b.Serialize()
    if err != nil {
        panic(err)
    }
    fmt.Println(base64.URLEncoding.EncodeToString(token))

    // Deserialize and validate
    b, err = biscuit.Unmarshal(token)
    if err != nil {
        panic(err)
    }
    check1, err := parser.FromStringCheck(`check if operation("create")`)
    if err != nil {
        panic(err)
    }
    blockBuilder := b.CreateBlock()
    blockBuilder.AddCheck(check1)
    attenuatedToken, err := b.Append(rand.Reader, blockBuilder.Build())
    if err != nil {
        panic(err)
    }
    fmt.Println(base64.URLEncoding.EncodeToString(attenuatedToken))
}

References:

This example and the steps provided should give you a good starting point for using Biscuit in Golang. For more detailed information and advanced usage, refer to the official Biscuit documentation and tutorials[1][2][8].

Citations:
@prnk28 prnk28 added #TODO Core Team - Project Management #OKR Core Team - Project Management labels Oct 30, 2024
@prnk28 prnk28 self-assigned this Oct 30, 2024
@prnk28 prnk28 added this to the v0.6 milestone Nov 1, 2024
@prnk28 prnk28 pinned this issue Nov 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@prnk28 prnk28

Labels
#OKR Core Team - Project Management #TODO Core Team - Project Management
Projects
↻ Sonr - v0.6
Status: Next
Milestone
v0.6
Development

No branches or pull requests
1 participant
@prnk28