Authorization module

1.5.0 2023-11-17 09:59 UTC


Latest Stable Version Minimum PHP Version

Generic authorization module that can be used across different layers.

It provides the possibility to implement different authorization strategies using the Spryker\Shared\AuthorizationExtension\Dependency\Plugin\AuthorizationStrategyPluginInterface.

The general idea is that strategies have a name and when an authorization check is requested a strategy can be requested by name. This allows it to share a single strategy coming from one module between different modules and also makes it easy to change strategies.

An authorization request is composed in this way:

  • AuthorizationRequestTransfer
    • has one AuthorizationIdentityTransfer
    • has one AuthorizationEntityTransfer

The identity describes accessor and the entity the object the authoriziation is checked against.

An authorization check will return an AuthorizationResponseTransfer.


composer require spryker/authorization


Spryker Documentation