What is Oso?


noun /ˈō-sō/ — a batteries-included library for building authorization in your application

Oso is a library.

  • It's local.
  • It supports multiple application languages.
  • To add authorization to your app, create a new Oso instance and load a rule written in Oso's human-readable policy language, Polar.
Try in your language

Oso comes batteries-included.

  • You get APIs for managing roles, returning permissions to the frontend and other common patterns.
  • You get integrations with web frameworks and ORMs that incorporate best practices.
  • You get templates for coarse- or fine-grained authorization, at the request layer or at the data layer, over fields or collections.
Start a tutorial

Oso is backed by a policy language.

  • It's a declarative policy language called Polar.
  • Polar is built to express things like objects, roles, relationships, hierarchies, and tricky combinations of conditionals. (But it can actually be used for other things too.)
  • Polar can get fields, call methods, and match on types defined in your application so you have all the context you need in your policies.
See a policy

Under the Hood

The Pieces

  • Oso is embedded in your application and policies live alongside your application code.
  • When your application starts up, it creates an Oso instance and loads policy files.
  • Oso executes in-process. There are no background threads, runtimes, or garbage collection.
  • You reference application data in policies, but any dynamic inputs (e.g., user roles) live in your database.

At Runtime

  • When your app needs to make an authorization decision, it passes in the relevant data to Oso, e.g., who tried to access what.
  • Oso evaluates the policy against the input data, i.e., it checks if the input data satisfies the policy rules. If the policy refers to data from your application, it fetches this data as part of this process.
  • Oso returns a decision (allowed or denied) to your app, which can either continue or return an error to the user.

The best way to learn is to get your hands dirty.