Batteries-Included Authorization

Declarative policy code that maps to your mental model for who is allowed to do what in your system.

Authorization starts out simple

A couple roles, a few if statements in your code. But it gets complex as you add more roles, dynamic permissions, hierarchies, external identity data, customer-configurable permissions. These are hard to express in a sane way and over time can grow into a large amount of custom authorization logic that few engineers want to touch.

“Our team members were able to smash our goals quicker than we did before”

Annabelle Porter,
Customer Service Officer

“Our team members were able to smash our goals quicker than we did before”

Annabelle Porter,
Customer Service Officer

Get a handle on authorization

Separate authorization code from business logic

With oso, you define authorization logic in policies, enabling you to make changes in one place that apply across your entire application, write reusable patterns, and have a single place to control, test and visualize access. And because policies can call into the application and use its objects and classes directly, you don’t have to write repetitive, boilerplate code – oso already has all the necessary context.

Use a declarative, expressive language

Authorization deals in facts and rules about who is allowed to do what in a system. oso provides a declarative policy language called Polar that has semantics that map to common domain concepts like roles and relationships, making it easy to take intuitive concepts and implement them.

Keep the freedom to extend

Many applications share common authorization patterns – perhaps using roles as a model or using the API layer as an enforcement point – but the last mile is rarely the same. oso gives you templates, patterns and building blocks to start from, but all of these are powered by a language that you can integrate wherever and however you need.

What is oso?

oso is an open source policy engine for authorization that you embed in your application. You write policies using the oso policy language, called Polar, to govern who can do what inside your application, and you integrate them with a few lines of code using one of our supported host language integrations. You define your policies separately from your application code, but they can call directly into it.

What users are saying

“oso is awesome. It has made it much easier for us to represent crazy logic in our EHR application and to add new features. It sped up our authZ roadmap 4x.”

Gaurub Pandey, CTO at Dhi

“We love oso because it lets us manage the chaos of access across our models, endpoints and users. We got up to speed and into production with one engineer in 3 weeks, and we're planning to expand to more use cases already.”

Karan Talati, CEO at First Resonance

“oso lets you do a lot easily and quickly.”

Rafi Yagudin, Engineer at CloudBees

“I love how easy oso makes it to get started, then do more complex things as you go.”

Shaun Verch, Engineer at PlanetScale

Let's see some code.

Try oso