Switch the shared demo token and navigate through the guarded pages to see how the same OPA permissions drive both routed access and in-page UI state.

Guarded route

Kundenverwaltung

This route is protected with authzCanActivate against test/Kundenverwaltung. It is reachable with MODERATOR and ADMIN.

Current token

MODERATOR

Guard outcome

Allowed by policy before the page component is activated.

Route guard
{
  path: 'kundenverwaltung',
  canActivate: [policyGuard('test/Kundenverwaltung')],
  component: KundenverwaltungPage,
}
Route guard function
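// Builds a canActivate guard that evaluates one OPA policy path.
function policyGuard(policy: string) {
  return authzCanActivate({
    // Only a strict boolean true activates the route; any other result redirects.
    fromResult: (result, { router, state }) =>
      result === true
        ? true
        : router.createUrlTree(['/access-denied'], {
            queryParams: {
              from: state.url,
              policy,
              reason: 'denied',
            },
          }),
    // Evaluation errors fail closed: same redirect, with reason 'error'.
    onError: (_error, { router, state }) =>
      router.createUrlTree(['/access-denied'], {
        queryParams: {
          from: state.url,
          policy,
          reason: 'error',
        },
      }),
    // Policy path to evaluate, e.g. 'test/Kundenverwaltung'.
    path: policy,
  });
}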
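
The guard above forwards from, policy and reason to /access-denied as query parameters, and anyone can link to that page with arbitrary values. As an added example (not part of the dfx-opa demo or library), here is one way the access-denied page could validate them before showing a policy name or a "go back" link; readDeniedParams, safeInternalPath and DeniedView are hypothetical names.

```typescript
// Added example: hypothetical helper for the /access-denied page.
type Reason = 'denied' | 'error' | 'unknown';

interface DeniedView {
  from: string | null;   // safe in-app path for a "go back" link, or null
  policy: string | null; // policy path safe to display, or null
  reason: Reason;
}

// Policy paths look like "test/Kundenverwaltung": slash-separated word segments.
const POLICY_RE = /^[A-Za-z0-9_]+(?:\/[A-Za-z0-9_]+)*$/;

// Accept only absolute in-app paths such as "/kundenverwaltung?tab=1".
function safeInternalPath(value: unknown): string | null {
  if (typeof value !== 'string' || value.length === 0 || value.length > 2048) return null;
  if (!value.startsWith('/')) return null;              // no scheme or relative input
  if (/^\/[\/\\]/.test(value)) return null;             // "//host" and "/\host" leave the origin
  if (/[\u0000-\u001f\u007f]/.test(value)) return null; // control characters
  if (value.split(/[?#]/)[0] === '/access-denied') return null; // avoid a redirect loop
  return value;
}

// Takes the already-decoded query parameters of the access-denied route.
function readDeniedParams(params: Record<string, unknown>): DeniedView {
  const p = params['policy'];
  const r = params['reason'];
  const policy = typeof p === 'string' && POLICY_RE.test(p) ? p : null;
  const reason: Reason = r === 'denied' || r === 'error' ? r : 'unknown';
  return { from: safeInternalPath(params['from']), policy, reason };
}
```

Values that fail validation come back as null or 'unknown', so the page can fall back to a generic message and a link to the home route.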
$ pnpm add dfx-opa