This is a live demo of the Biscuit authentication and authorization tokens, where you can test different authorization policies. Each token is made of blocks, each block represents one attenuation level: you can restrict the rights of a token by adding a new block. Authorization policies are written in Datalog, where facts represent data, rules generate more facts from existing facts, checks validate the presence of some facts. To pass the verification phase, all of the checks must succeed.

On the verifier's side, you can define a list of "allow" or "deny" policies, that will be tried one by one until one of them matches.

Test the behaviour of the example token by activating or deactivating blocks or their data, changing conditions (like #read operation to #write and see how the verifier will react).

Choose an example:


Token content

This is the data that will be serialized in a Biscuit token:



Verifier result


Here you can write a query (in rule format) to extract data from the verifier


Verifier content

This is the data that the verifier works with, after having applied all the rules: