refactor(jans-cedarling): make all tokens optional when calling Cedarling::authorize

docs/cedarling/cedarling-policy-store.md

@@ -178,18 +178,16 @@ This record contains the information needed to validate tokens from this issuer:
 - **description** : (*String*) A brief description of the trusted issuer, providing context for administrators.
 - **openid_configuration_endpoint** : (*String*) The HTTPS URL for the OpenID Connect configuration endpoint (usually found at `/.well-known/openid-configuration`).
 - **identity_source** : (*Object*, *optional*) Metadata related to the tokens issued by this issuer.
-
-**Notes**:
-
-- The `access_tokens`, `id_tokens`, `userinfo_tokens`, and `tx_tokens` fields will follow the [Token Metadata Schema](#token-metadata-schema).
-- The `access_tokens` will contain a `trusted` and `principal_identifier` field in addition to the fields from the `Token Metadata Schema`.
+- **`access_tokens`, `id_tokens`, `userinfo_tokens`, and `tx_tokens`**: See: [Token Metadata Schema](#token-metadata-schema).
 
 ### Token Metadata Schema
 
 The Token Entity Metadata Schema defines how tokens are mapped, parsed, and transformed within Cedarling. It allows you to specify how to extract user IDs, roles, and other claims from a token using customizable parsers.
 
 ```json
 {
+  "trusted": bool,
+  "principal_identifier": "str",
   "user_id": "<field name in token (e.g., 'email', 'sub', 'uid', etc.) or '' if not used>",
   "role_mapping": "<field for role assignment (e.g., 'role', 'memberOf', etc.) or '' if not used>",
   "claim_mapping": {

jans-cedarling/bindings/cedarling_python/PYTHON_TYPES.md

@@ -113,12 +113,12 @@ authorization data with access token, action, resource, and context.
 
 Attributes
 ----------  
-:param access_token: The access token string.  
-:param id_token: The id token string.  
-:param userinfo_token: The userinfo token string.  
 :param action: The action to be authorized.  
 :param resource: Resource data (wrapped `ResourceData` object).  
-:param context: Python dictionary with additional context.
+:param context: Python dictionary with additional context.  
+:param access_token: (Optional) The access token string.  
+:param id_token: (Optional) The id token string.  
+:param userinfo_token: (Optional) The userinfo token string.
 
 Example
 -------
@@ -203,6 +203,10 @@ ___
 Error encountered while parsing Action to EntityUid
 ___
 
+# authorize_errors.AddEntitiesIntoContextError
+Error encountered while adding entities into context
+___
+
 # authorize_errors.AuthorizeError
 Exception raised by authorize_errors
 ___
@@ -219,14 +223,6 @@ ___
 Error encountered while creating id token entities
 ___
 
-# authorize_errors.CreateRequestUserEntityError
-Error encountered while creating cedar_policy::Request for user entity principal
-___
-
-# authorize_errors.CreateRequestWorkloadEntityError
-Error encountered while creating cedar_policy::Request for workload entity principal
-___
-
 # authorize_errors.CreateUserEntityError
 Error encountered while creating User entity
 ___
@@ -259,3 +255,11 @@ ___
 Error encountered while creating role entity
 ___
 
+# authorize_errors.UserRequestValidationError
+Error encountered while creating cedar_policy::Request for user entity principal
+___
+
+# authorize_errors.WorkloadRequestValidationError
+Error encountered while creating cedar_policy::Request for workload entity principal
+___
+

jans-cedarling/bindings/cedarling_python/cedarling_python.pyi

@@ -128,12 +128,12 @@ class Cedarling:
 
 @final
 class Request:
-    access_token: str
-    id_token: str
-    userinfo_token: str
     action: str
     resource: ResourceData
     context: Dict[str, Any]
+    access_token: str | None
+    id_token: str | None
+    userinfo_token: str | None
 
     def __init__(self,
                  access_token: str,

jans-cedarling/bindings/cedarling_python/src/authorize/errors.rs

@@ -94,14 +94,14 @@ create_exception!(
 
 create_exception!(
     authorize_errors,
-    CreateRequestWorkloadEntityError,
+    WorkloadRequestValidationError,
     AuthorizeError,
     "Error encountered while creating cedar_policy::Request for workload entity principal"
 );
 
 create_exception!(
     authorize_errors,
-    CreateRequestUserEntityError,
+    UserRequestValidationError,
     AuthorizeError,
     "Error encountered while creating cedar_policy::Request for user entity principal"
 );
@@ -175,8 +175,8 @@ errors_functions! {
     RoleEntity => RoleEntityError,
     Action => ActionError,
     CreateContext => CreateContextError,
-    CreateRequestWorkloadEntity => CreateRequestWorkloadEntityError,
-    CreateRequestUserEntity => CreateRequestUserEntityError,
+    WorkloadRequestValidation => WorkloadRequestValidationError,
+    UserRequestValidation => UserRequestValidationError,
     BuildContext => AddEntitiesIntoContextError,
     Entities => EntitiesError,
     EntitiesToJson => EntitiesToJsonError

jans-cedarling/bindings/cedarling_python/src/authorize/request.rs

@@ -20,12 +20,12 @@ use serde_pyobject::from_pyobject;
 ///
 /// Attributes
 /// ----------
-/// :param access_token: The access token string.
-/// :param id_token: The id token string.
-/// :param userinfo_token: The userinfo token string.
 /// :param action: The action to be authorized.
 /// :param resource: Resource data (wrapped `ResourceData` object).
 /// :param context: Python dictionary with additional context.
+/// :param access_token: (Optional) The access token string.
+/// :param id_token: (Optional) The id token string.
+/// :param userinfo_token: (Optional) The userinfo token string.
 ///
 /// Example
 /// -------
@@ -36,11 +36,11 @@ use serde_pyobject::from_pyobject;
 #[pyclass(get_all, set_all)]
 pub struct Request {
     /// Access token raw value
-    pub access_token: String,
+    pub access_token: Option<String>,
     /// Id token raw value
-    pub id_token: String,
+    pub id_token: Option<String>,
     /// Userinfo token raw value
-    pub userinfo_token: String,
+    pub userinfo_token: Option<String>,
     /// cedar_policy action
     pub action: String,
     /// cedar_policy resource data
@@ -52,13 +52,14 @@ pub struct Request {
 #[pymethods]
 impl Request {
     #[new]
+    #[pyo3(signature = (action, resource, context, access_token=None, id_token=None, userinfo_token=None))]
     fn new(
-        access_token: String,
-        id_token: String,
-        userinfo_token: String,
         action: String,
         resource: ResourceData,
         context: Py<PyDict>,
+        access_token: Option<String>,
+        id_token: Option<String>,
+        userinfo_token: Option<String>,
     ) -> Self {
         Self {
             access_token,

jans-cedarling/bindings/cedarling_python/tests/test_authorize.py

@@ -115,11 +115,13 @@ def test_authorize_ok():
     })
 
     request = Request(
-        ACCESS_TOKEN,
-        ID_TOKEN,
-        USERINFO_TOKEN,
+        access_token=ACCESS_TOKEN,
+        id_token=ID_TOKEN,
+        userinfo_token=USERINFO_TOKEN,
         action='Jans::Action::"Update"',
-        context={}, resource=resource)
+        context={}, 
+        resource=resource,
+    )
 
     authorize_result = instance.authorize(request)
     assert authorize_result.is_allowed(), "request should be allowed"
@@ -170,9 +172,9 @@ def raise_authorize_error(bootstrap_config):
     })
 
     request = Request(
-        ACCESS_TOKEN,
-        ID_TOKEN,
-        USERINFO_TOKEN,
+        access_token=ACCESS_TOKEN,
+        id_token=ID_TOKEN,
+        userinfo_token=USERINFO_TOKEN,
         action='Jans::Action::"Update"',
         context={}, resource=resource)
 
@@ -189,7 +191,7 @@ def test_resource_entity_error():
     try:
         raise_authorize_error(load_bootstrap_config())
     except authorize_errors.ResourceEntityError as e:
-        assert str(e) == "could not create resource entity: could not get attribute value from payload: could not convert json field with key: org_id to: String, got: number"
+        assert str(e) == "could not create resource entity: could not get attribute value from payload: type mismatch for key 'org_id'. expected: 'String', but found: 'number'"
 
 
 def test_authorize_error():
@@ -201,4 +203,4 @@ def test_authorize_error():
     try:
         raise_authorize_error(load_bootstrap_config())
     except authorize_errors.AuthorizeError as e:
-        assert str(e) == "could not create resource entity: could not get attribute value from payload: could not convert json field with key: org_id to: String, got: number"
+        assert str(e) == "could not create resource entity: could not get attribute value from payload: type mismatch for key 'org_id'. expected: 'String', but found: 'number'"

jans-cedarling/cedarling/examples/authorize_with_jwt_validation.rs

@@ -1,17 +1,16 @@
-/*
- * This software is available under the Apache-2.0 license.
- * See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
- *
- * Copyright (c) 2024, Gluu, Inc.
- */
+// This software is available under the Apache-2.0 license.
+// See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
+//
+// Copyright (c) 2024, Gluu, Inc.
+
+use std::collections::{HashMap, HashSet};
 
 use cedarling::{
     AuthorizationConfig, BootstrapConfig, Cedarling, IdTokenTrustMode, JwtConfig, LogConfig,
     LogLevel, LogTypeConfig, PolicyStoreConfig, PolicyStoreSource, Request, ResourceData,
     TokenValidationConfig, WorkloadBoolOp,
 };
 use jsonwebtoken::Algorithm;
-use std::collections::{HashMap, HashSet};
 
 static POLICY_STORE_RAW_YAML: &str =
     include_str!("../../test_files/policy-store_with_trusted_issuers_ok.yaml");
@@ -62,9 +61,9 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     // on a specific resource. Each token (access, ID, and userinfo) is required for the
     // authorization process, alongside resource and action details.
     let result = cedarling.authorize(Request {
-        access_token,
-        id_token,
-        userinfo_token,
+        access_token: Some(access_token),
+        id_token: Some(id_token),
+        userinfo_token: Some(userinfo_token),
         action: "Jans::Action::\"Update\"".to_string(),
         context: serde_json::json!({}),
         resource: ResourceData {

jans-cedarling/cedarling/examples/authorize_without_jwt_validation.rs

@@ -1,15 +1,14 @@
-/*
- * This software is available under the Apache-2.0 license.
- * See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
- *
- * Copyright (c) 2024, Gluu, Inc.
- */
+// This software is available under the Apache-2.0 license.
+// See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
+//
+// Copyright (c) 2024, Gluu, Inc.
+
+use std::collections::HashMap;
 
 use cedarling::{
     AuthorizationConfig, BootstrapConfig, Cedarling, JwtConfig, LogConfig, LogLevel, LogTypeConfig,
     PolicyStoreConfig, PolicyStoreSource, Request, ResourceData, WorkloadBoolOp,
 };
-use std::collections::HashMap;
 
 static POLICY_STORE_RAW: &str = include_str!("../../test_files/policy-store_ok.yaml");
 
@@ -113,9 +112,9 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     let userinfo_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FkbWluLXVpLXRlc3QuZ2x1dS5vcmciLCJzdWIiOiJib0c4ZGZjNU1LVG4zN283Z3NkQ2V5cUw4THBXUXRnb080MW0xS1p3ZHEwIiwiY2xpZW50X2lkIjoiNWI0NDg3YzQtOGRiMS00MDlkLWE2NTMtZjkwN2I4MDk0MDM5IiwiYXVkIjoiNWI0NDg3YzQtOGRiMS00MDlkLWE2NTMtZjkwN2I4MDk0MDM5IiwidXNlcm5hbWUiOiJhZG1pbkBnbHV1Lm9yZyIsIm5hbWUiOiJEZWZhdWx0IEFkbWluIFVzZXIiLCJlbWFpbCI6ImFkbWluQGdsdXUub3JnIiwiY291bnRyeSI6IlVTIiwianRpIjoidXNyaW5mb190a25fanRpIn0.NoR53vPZFpfb4vFk85JH9RPx7CHsaJMZwrH3fnB-N60".to_string();
 
     let result = cedarling.authorize(Request {
-        access_token,
-        id_token,
-        userinfo_token,
+        access_token: Some(access_token),
+        id_token: Some(id_token),
+        userinfo_token: Some(userinfo_token),
         action: "Jans::Action::\"Update\"".to_string(),
         context: serde_json::json!({}),
         resource: ResourceData {

jans-cedarling/cedarling/examples/log_init.rs

@@ -1,21 +1,20 @@
-/*
- * This software is available under the Apache-2.0 license.
- * See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
- *
- * Copyright (c) 2024, Gluu, Inc.
- */
+// This software is available under the Apache-2.0 license.
+// See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
+//
+// Copyright (c) 2024, Gluu, Inc.
 
 // The following macro uses conditional compilation to include this file code
 // only when the target platform is NOT WebAssembly. This is not required to
 // use the library but is needed here since Cedarling compiles binding to WASM
 // and `use std::env` prevents that compilation.
 #![cfg(not(target_family = "wasm"))]
 
+use std::env;
+
 use cedarling::{
     AuthorizationConfig, BootstrapConfig, Cedarling, JwtConfig, LogConfig, LogLevel, LogStorage,
     LogTypeConfig, MemoryLogConfig, PolicyStoreConfig, PolicyStoreSource, WorkloadBoolOp,
 };
-use std::env;
 
 // The human-readable policy and schema file is located in next folder:
 // `test_files\policy-store_ok`

jans-cedarling/cedarling/src/authz/authorize_result.rs

@@ -1,14 +1,13 @@
-/*
- * This software is available under the Apache-2.0 license.
- * See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
- *
- * Copyright (c) 2024, Gluu, Inc.
- */
+// This software is available under the Apache-2.0 license.
+// See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
+//
+// Copyright (c) 2024, Gluu, Inc.
+
+use std::collections::HashSet;
 
 use cedar_policy::Decision;
 use serde::ser::SerializeStruct;
 use serde::{Serialize, Serializer};
-use std::collections::HashSet;
 
 use crate::bootstrap_config::WorkloadBoolOp;