
OpenID AuthZEN-search — Primer

The AuthZEN Search profile specifies POST /access/v1/query, which returns the items a subject is authorized for, with server‑controlled pagination.


Why it matters

Standards reduce risk and vendor lock‑in. We implement this spec across our Studios and runtime so policy is portable.

Where it’s enforced

  • Gateway: pre‑execution gating (plan/schema pins, params/egress)
  • Shield: inline budgets/stream caps/content checks
  • PDP: decisions with constraints/obligations/TTL
  • IdP: passports, token exchange, consent/DPoP

How it works (high level)

Search profile: POST /access/v1/query returns authorized results for the requesting subject with server‑controlled filters/pagination. Use correlation_id for traceability.

```mermaid
sequenceDiagram
  participant Client
  participant PDP
  Client->>PDP: POST /access/v1/query { filters, page }
  PDP-->>Client: { items: [...], page: {...} }
```
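One way a PDP could keep pagination under server control for the query exchange above, shown as an added example that is not code from this page or from the AuthZEN specification. The page fields `size`, `token` and `next_token`, the HMAC-signed cursor, the signing key and the sample resources are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"demo-key-constructed"   # assumption: per-PDP cursor signing key
MAX_PAGE_SIZE = 2                  # server-side cap; the client cannot raise it

# Constructed sample data: resource id, type, and subjects allowed to see it.
RESOURCES = [
    {"id": "doc-1", "type": "doc", "allow": {"alice", "bob"}},
    {"id": "doc-2", "type": "doc", "allow": {"alice"}},
    {"id": "img-1", "type": "image", "allow": {"alice"}},
    {"id": "doc-3", "type": "doc", "allow": {"bob"}},
    {"id": "doc-4", "type": "doc", "allow": {"alice"}},
]

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def _make_token(subject: str, filters: dict, offset: int) -> str:
    payload = json.dumps({"sub": subject, "f": filters, "off": offset}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def _read_token(token: str, subject: str, filters: dict) -> int:
    b64, _, sig = token.rpartition(".")
    payload = base64.urlsafe_b64decode(b64)
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        raise ValueError("page token failed integrity check")
    claims = json.loads(payload)
    if claims["sub"] != subject or claims["f"] != filters:
        raise ValueError("page token is bound to a different subject or query")
    return claims["off"]

def handle_query(subject: str, body: dict, correlation_id: str) -> dict:
    # subject comes from the authenticated caller, never from the request body.
    filters = body.get("filters", {})
    page = body.get("page", {})
    offset = _read_token(page["token"], subject, filters) if page.get("token") else 0
    size = max(1, min(int(page.get("size", MAX_PAGE_SIZE)), MAX_PAGE_SIZE))
    allowed = [r["id"] for r in RESOURCES
               if subject in r["allow"] and all(r.get(k) == v for k, v in filters.items())]
    end = offset + size
    next_token = _make_token(subject, filters, end) if end < len(allowed) else None
    return {"items": allowed[offset:end], "page": {"next_token": next_token},
            "correlation_id": correlation_id}
```

Binding the cursor to the subject and filters means a token copied from another caller's response, or replayed against a different query, is rejected instead of shifting the result window.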
