authentik/docs/policies/expression/index.md

1.3 KiB

Expression Policy

Expression Policies allows you to write custom Policy Logic using Jinja2 Templating language.

For a language reference, see here.

The following objects are passed into the variable:

  • request: A PolicyRequest object, which has the following properties:
    • request.user: The current User, which the Policy is applied against. (ref)
    • request.http_request: The Django HTTP Request, as documented here.
    • request.obj: A Django Model instance. This is only set if the Policy is ran against an object.
  • pb_flow_plan: Current Plan if Policy is called while a flow is active.
  • pb_is_sso_flow: Boolean which is true if request was initiated by authenticating through an external Provider.
  • pb_is_group_member(user, group_name): Function which checks if user is member of a Group with Name gorup_name.
  • pb_logger: Standard Python Logger Object, which can be used to debug expressions.
  • pb_client_ip: Client's IP Address.

There are also the following custom filters available:

  • regex_match(regex): Return True if value matches regex
  • regex_replace(regex, repl): Replace string matched by regex with repl