Help with the contextual tupels query

deeppatel9 · February 29, 2024, 7:38pm

I’m presently tackling contextual tuples and encountering difficulties retrieving responses from a Postman query. Could anyone assist me in determining the query for list object or check parameters to include in the request body for a Postman API call?

dawid.matuszczyk · February 29, 2024, 8:06pm

Hi @deeppatel9

Welcome to the Auth0 Community!

Can you share more details regarding your question?

Thanks
Dawid

deeppatel9 · February 29, 2024, 8:35pm

This is the FGA check body and with the tupel value ,I’ve substituted “XX” for actual data.
{
“tuple_key”: {
“user”:“XX”,
“relation”:“XX”,
“object”:“XX”
},
“contextual_tuples” : {
“tuple_keys”: [
{
“user”:“XX”,
“relation”:“XX”,
“object”:“XX”
}
]
},
“authorization_model_id”: “XX”
}

FGA response

{
“allowed”: true,
“resolution”: “”
}

The above body includes contextual tuples, and the response remains unchanged. Even if we omit using them, the response remains consistent. What is the accurate body format we should use for the Postman API? Are we currently use the correct body structure?

dawid.matuszczyk · February 29, 2024, 9:04pm

Oh I see, I will change the category from Help to the Okta Fine Grained Authorization as it’s better suited for this question and ask for help from the team. Thank you for your patience.

andres.aguiar · February 29, 2024, 9:56pm

Hi @deeppatel9

To understand the behavior of an FGA model we’d need a model + the tuples you have + the check call you make.

A good way to do it is by following the instructions described here Testing Models | Okta Fine Grained Authorization (FGA) Docs to produce a .fga.yaml file with those.

Would you mind creating a .fga.yaml file that reproduces the issue you see? You can include the contextual tuples in the tuples section of each test.

Let me know if it helps,

Andres

deeppatel9 · March 1, 2024, 6:06pm

We are working on the YAML and in the meantime can you answer the below question,
When changing the tupel value to any text “contextual_tuples” : { … to “1234contextual_tuples” : { … " there is no change in the response or error given in Response API.

Thank you,
Deep

andres.aguiar · March 1, 2024, 7:25pm

The syntax is:

POST /stores/{{store_id}}/check
{
  "tuple_key": {
    "user": "user:maria",
    "relation": "can_edit",
    "object": "document:readme"
  },
  "contextual_tuples": {
    "tuple_keys": [
        {
          "user": "user:maria",
          "relation":"admin",
          "object":"organization:acme"
        }
    ]}
}

We are not rejecting calls that have a parameter we don’t recognize, so 1234contextual_tuples should not return an error, it’s equivalent to not to send the contextual tuples.