feat(jans-cedarling): php binding

.github/workflows/test_cedarling.yml

@@ -11,7 +11,7 @@ permissions:
 
 jobs:
   rust_tests:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1

jans-cedarling/bindings/cedarling_ext_php_rs/Cargo.toml

@@ -0,0 +1,26 @@
+[package]
+name = "ext_php_rs_test"
+version = "1.1.6"
+edition = "2021"
+
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+ext-php-rs = "*"
+serde = "*"
+serde_json = "*"
+thiserror = "*"
+sparkv = "*"
+uuid7 = { version = "1.1.0", features = ["serde", "uuid"] }
+cedar-policy = "4.0.0"
+base64 = "0.22.1"
+url = "2.5.2"
+lazy_static = "1.5.0"
+cedarling = { path = "../../cedarling" } # from a path in the local filesystem
+
+
+[profile.release]
+strip = "debuginfo"
+

jans-cedarling/bindings/cedarling_ext_php_rs/README.md

@@ -0,0 +1,40 @@
+# cedarling_ext_php_rs
+
+This example uses `ext-php-rs` https://crates.io/crates/ext-php-rs to create a PHP extension library from Rust code. Follow the steps below to install and build the library.
+
+## Steps to make it working
+
+NOTICE!!! Here is assumed that  your cedarling repository existed on the path: /var/www/html/cedarling/jans . If it is under the different path then you need to change prefixes on steps 1. and 4 to your correct ones.
+
+1. 
+
+   ```bash
+   cd /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs
+   ```
+
+2. 
+   Verify Rust installation by running:
+
+   ```bash
+   cargo --version
+   ```
+
+   If Rust is not installed, you can install it from [here](https://www.rust-lang.org/tools/install)
+   If Rust is installed but can not be accessed globally then perform command:
+   ```bash
+   export PATH="path_to_cargo_bin/.cargo/bin:$PATH" 
+   ```
+3. Build project
+   ```bash
+   cargo build
+   ```
+
+4. 
+   - Run test : 
+
+     ```bash
+     php -d extension=/var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_ext_php_rs/test.php
+     ```
+
+5.      You can find php extension library on the path /var/www/html/cedarling/jans/jans-cedarling/target/debug/libext_php_rs_test.so and use it . Function cedarling_authorize_test($token, $payload_str); will be accessible in your php code. 
+

jans-cedarling/bindings/cedarling_ext_php_rs/src/lib.rs

@@ -0,0 +1,66 @@
+#![cfg_attr(windows, feature(abi_vectorcall))]
+use ext_php_rs::prelude::*;
+use cedarling::{
+    BootstrapConfig, Cedarling, JwtConfig, LogConfig, LogTypeConfig, PolicyStoreConfig,
+    PolicyStoreSource, Request, ResourceData,
+};
+use std::collections::HashMap;
+
+static POLICY_STORE_RAW: &str = include_str!("policy-store_ok.json");
+
+#[php_function]
+
+//cedarling_authorize_test() function is exported as PHP extension library 
+
+pub fn cedarling_authorize_test(acc_tok_str: &str,payload_str: &str) -> String {
+    let cedarling = match Cedarling::new(BootstrapConfig {
+        application_name: "test_app".to_string(),
+        log_config: LogConfig {
+            log_type: LogTypeConfig::StdOut,
+        },
+        policy_store_config: PolicyStoreConfig {
+            source: PolicyStoreSource::Json(POLICY_STORE_RAW.to_string()),
+            store_id: None,
+        },
+        jwt_config: JwtConfig::Disabled,
+    }) {
+        Ok(cedarling_instance) => cedarling_instance, // success case
+        Err(e) => {
+            eprintln!("Failed to initialize Cedarling: {:?}", e); 
+            // Return a default error message or a specific String on failure
+            return format!("Hello, {}! (Failed to initialize Cedarling)", payload_str); 
+        }
+    };
+    let id_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3IiOiJiYXNpYyIsImFtciI6IjEwIiwiYXVkIjoiNWI0NDg3YzQtOGRiMS00MDlkLWE2NTMtZjkwN2I4MDk0MDM5IiwiZXhwIjoxNzI0ODM1ODU5LCJpYXQiOjE3MjQ4MzIyNTksInN1YiI6ImJvRzhkZmM1TUtUbjM3bzdnc2RDZXlxTDhMcFdRdGdvTzQxbTFLWndkcTAiLCJpc3MiOiJodHRwczovL2FkbWluLXVpLXRlc3QuZ2x1dS5vcmciLCJqdGkiOiJzazNUNDBOWVNZdWs1c2FIWk5wa1p3Iiwibm9uY2UiOiJjMzg3MmFmOS1hMGY1LTRjM2YtYTFhZi1mOWQwZTg4NDZlODEiLCJzaWQiOiI2YTdmZTUwYS1kODEwLTQ1NGQtYmU1ZC01NDlkMjk1OTVhMDkiLCJqYW5zT3BlbklEQ29ubmVjdFZlcnNpb24iOiJvcGVuaWRjb25uZWN0LTEuMCIsImNfaGFzaCI6InBHb0s2WV9SS2NXSGtVZWNNOXV3NlEiLCJhdXRoX3RpbWUiOjE3MjQ4MzA3NDYsImdyYW50IjoiYXV0aG9yaXphdGlvbl9jb2RlIiwic3RhdHVzIjp7InN0YXR1c19saXN0Ijp7ImlkeCI6MjAyLCJ1cmkiOiJodHRwczovL2FkbWluLXVpLXRlc3QuZ2x1dS5vcmcvamFucy1hdXRoL3Jlc3R2MS9zdGF0dXNfbGlzdCJ9fX0.8BwLLGkFpWGx8wGpvVmNk_Ao8nZrP_WT-zoo-MY4zqY".to_string();
+
+    let access_token = (*acc_tok_str).to_string();
+
+    let result = cedarling.authorize(Request {
+        access_token,
+        id_token,
+        action: "Jans::Action::\"Update\"".to_string(),
+        context: serde_json::json!({}),
+        resource: ResourceData {
+            id: "random_id".to_string(),
+            resource_type: "Jans::Issue".to_string(),
+            payload: HashMap::from_iter([(
+                "org_id".to_string(),
+                serde_json::Value::String((*payload_str).to_string()),
+            )]),
+        },
+    });
+	//
+	//
+    match result {
+        Ok(auth_result) => format!("Hello, {}! Authorization success result: {}!", payload_str, auth_result.is_allowed().to_string() ),
+        Err(e) => format!("Hello, {}! Authorization failed: {:?}", payload_str, e),
+    }
+
+    //
+}
+
+
+#[php_module]
+pub fn get_module(module: ModuleBuilder) -> ModuleBuilder {
+    module
+}

jans-cedarling/bindings/cedarling_ext_php_rs/src/policy-store_ok.json

@@ -0,0 +1,15 @@
+{
+    "8b805e22fdd39f3dd33a13d9fb446d8e6314153ca997": {
+        "name": "gluustore",
+        "description": "gluu",
+        "policies": {
+            "840da5d85403f35ea76519ed1a18a33989f855bf1cf8": {
+                "description": "simple policy example",
+                "creation_date": "2024-09-20T17:22:39.996050",
+                "policy_content": "cGVybWl0KAogICAgcHJpbmNpcGFsIGlzIEphbnM6Oldvcmtsb2FkLAogICAgYWN0aW9uIGluIFtKYW5zOjpBY3Rpb246OiJVcGRhdGUiXSwKICAgIHJlc291cmNlIGlzIEphbnM6Oklzc3VlCil3aGVuewogICAgcHJpbmNpcGFsLm9yZ19pZCA9PSByZXNvdXJjZS5vcmdfaWQKfTs="
+            }
+        },
+        "identity_source": {},
+        "schema": "ewogICAgIkphbnMiOiB7CiAgICAgICAgImNvbW1vblR5cGVzIjogewogICAgICAgICAgICAiVXJsIjogewogICAgICAgICAgICAgICAgInR5cGUiOiAiUmVjb3JkIiwKICAgICAgICAgICAgICAgICJhdHRyaWJ1dGVzIjogewogICAgICAgICAgICAgICAgICAgICJob3N0IjogewogICAgICAgICAgICAgICAgICAgICAgICAidHlwZSI6ICJFbnRpdHlPckNvbW1vbiIsCiAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogIlN0cmluZyIKICAgICAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgICAgICJwYXRoIjogewogICAgICAgICAgICAgICAgICAgICAgICAidHlwZSI6ICJFbnRpdHlPckNvbW1vbiIsCiAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogIlN0cmluZyIKICAgICAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgICAgICJwcm90b2NvbCI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAiRW50aXR5T3JDb21tb24iLAogICAgICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJTdHJpbmciCiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSwKICAgICAgICAiZW50aXR5VHlwZXMiOiB7CiAgICAgICAgICAgICJBY2Nlc3NfdG9rZW4iOiB7CiAgICAgICAgICAgICAgICAic2hhcGUiOiB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAiUmVjb3JkIiwKICAgICAgICAgICAgICAgICAgICAiYXR0cmlidXRlcyI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImF1ZCI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ0eXBlIjogIkVudGl0eU9yQ29tbW9uIiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogIlN0cmluZyIKICAgICAgICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgICAgICAgICAgImV4cCI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ0eXBlIjogIkVudGl0eU9yQ29tbW9uIiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogIkxvbmciCiAgICAgICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICAgICAgICAgICJpYXQiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAidHlwZSI6ICJFbnRpdHlPckNvbW1vbiIsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJMb25nIgogICAgICAgICAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgICAgICAgICAiaXNzIjogewogICAgICAgICAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAiRW50aXR5T3JDb21tb24iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAiVHJ1c3RlZElzc3VlciIKICAgICAgICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgICAgICAgICAgImp0aSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ0eXBlIjogIkVudGl0eU9yQ29tbW9uIiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogIlN0cmluZyIKICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSwKICAgICAgICAgICAgIklzc3VlIjogewogICAgICAgICAgICAgICAgInNoYXBlIjogewogICAgICAgICAgICAgICAgICAgICJ0eXBlIjogIlJlY29yZCIsCiAgICAgICAgICAgICAgICAgICAgImF0dHJpYnV0ZXMiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJvcmdfaWQiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAidHlwZSI6ICJFbnRpdHlPckNvbW1vbiIsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJTdHJpbmciCiAgICAgICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJUcnVzdGVkSXNzdWVyIjogewogICAgICAgICAgICAgICAgInNoYXBlIjogewogICAgICAgICAgICAgICAgICAgICJ0eXBlIjogIlJlY29yZCIsCiAgICAgICAgICAgICAgICAgICAgImF0dHJpYnV0ZXMiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJpc3N1ZXJfZW50aXR5X2lkIjogewogICAgICAgICAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAiRW50aXR5T3JDb21tb24iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAiVXJsIgogICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9LAogICAgICAgICAgICAiV29ya2xvYWQiOiB7CiAgICAgICAgICAgICAgICAic2hhcGUiOiB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAiUmVjb3JkIiwKICAgICAgICAgICAgICAgICAgICAiYXR0cmlidXRlcyI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImNsaWVudF9pZCI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ0eXBlIjogIkVudGl0eU9yQ29tbW9uIiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogIlN0cmluZyIKICAgICAgICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgICAgICAgICAgImlzcyI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ0eXBlIjogIkVudGl0eU9yQ29tbW9uIiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogIlRydXN0ZWRJc3N1ZXIiCiAgICAgICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogewogICAgICAgICAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAiRW50aXR5T3JDb21tb24iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAiU3RyaW5nIgogICAgICAgICAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgICAgICAgICAib3JnX2lkIjogewogICAgICAgICAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAiRW50aXR5T3JDb21tb24iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAiU3RyaW5nIgogICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSwKICAgICAgICAiYWN0aW9ucyI6IHsKICAgICAgICAgICAgIlVwZGF0ZSI6IHsKICAgICAgICAgICAgICAgICJhcHBsaWVzVG8iOiB7CiAgICAgICAgICAgICAgICAgICAgInJlc291cmNlVHlwZXMiOiBbCiAgICAgICAgICAgICAgICAgICAgICAgICJJc3N1ZSIKICAgICAgICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICAgICAgICJwcmluY2lwYWxUeXBlcyI6IFsKICAgICAgICAgICAgICAgICAgICAgICAgIldvcmtsb2FkIgogICAgICAgICAgICAgICAgICAgIF0KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KfQ=="
+    }
+}

jans-cedarling/bindings/cedarling_ext_php_rs/test.php

@@ -0,0 +1,34 @@
+<?php
+
+$token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib0c4ZGZjNU1LVG4zN283Z3NkQ2V5cUw4THBXUXRnb080MW0xS1p3ZHEwIiwiY29kZSI6ImJmMTkzNGY2LTM5MDUtNDIwYS04Mjk5LTZiMmUzZmZkZGQ2ZSIsImlzcyI6Imh0dHBzOi8vYWRtaW4tdWktdGVzdC5nbHV1Lm9yZyIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJjbGllbnRfaWQiOiI1YjQ0ODdjNC04ZGIxLTQwOWQtYTY1My1mOTA3YjgwOTQwMzkiLCJhdWQiOiI1YjQ0ODdjNC04ZGIxLTQwOWQtYTY1My1mOTA3YjgwOTQwMzkiLCJhY3IiOiJiYXNpYyIsIng1dCNTMjU2IjoiIiwic2NvcGUiOlsib3BlbmlkIiwicHJvZmlsZSJdLCJvcmdfaWQiOiJzb21lX2xvbmdfaWQiLCJhdXRoX3RpbWUiOjE3MjQ4MzA3NDYsImV4cCI6MTcyNDk0NTk3OCwiaWF0IjoxNzI0ODMyMjU5LCJqdGkiOiJseFRtQ1ZSRlR4T2pKZ3ZFRXBvek1RIiwibmFtZSI6IkRlZmF1bHQgQWRtaW4gVXNlciIsInN0YXR1cyI6eyJzdGF0dXNfbGlzdCI6eyJpZHgiOjIwMSwidXJpIjoiaHR0cHM6Ly9hZG1pbi11aS10ZXN0LmdsdXUub3JnL2phbnMtYXV0aC9yZXN0djEvc3RhdHVzX2xpc3QifX19._eQT-DsfE_kgdhA0YOyFxxPEMNw44iwoelWa5iU1n9s";
+
+$payload_str = "some_long_id";
+
+var_dump(cedarling_authorize_test($token,$payload_str));//we pass ID of Organization into $payload_str parameter. 
+
+
+/*
+Later, within rust code we check : principal.org_id == resource.org_id  from cedar policy:
+
+permit(
+    principal is Jans::Workload,
+    action in [Jans::Action::"Update"],
+    resource is Jans::Issue
+)when{
+    principal.org_id == resource.org_id
+};
+
+Value ,"org_id":"some_long_id" is passwed in access token which is base64 encoded
+
+Decoded value of $token:
+
+
+decoded access_token = 
+{"alg":"HS256","typ":"JWT"}{"sub":"boG8dfc5MKTn37o7gsdCeyqL8LpWQtgoO41m1KZwdq0","code":"bf1934f6-3905-420a-8299-6b2e3ffddd6e","iss":"https://admin-ui-test.gluu.org","token_type":"Bearer","client_id":"5b4487c4-8db1-409d-a653-f907b8094039","aud":"5b4487c4-8db1-409d-a653-f907b8094039","acr":"basic","x5t#S256":"","scope":["openid","profile"],"org_id":"some_long_id","auth_time":1724830746,"exp":1724945978,"iat":1724832259,"jti":"lxTmCVRFTxOjJgvEEpozMQ","name":"Default Admin User","status":{"status_list":{"idx":201,"uri":"https://admin-ui-test.gluu.org/jans-auth/restv1/status_list"}}}
+
+
+
+*/
+
+
+

jans-cedarling/bindings/cedarling_php_rs/Cargo.toml

@@ -0,0 +1,25 @@
+[package]
+name = "cedarling_php_rs"
+version = "1.1.6"
+edition = "2021"
+
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+ext-php-rs = "*"
+serde = "*"
+serde_json = "*"
+thiserror = "*"
+sparkv = "*"
+uuid7 = { version = "1.1.0", features = ["serde", "uuid"] }
+cedar-policy = "4.0.0"
+base64 = "0.22.1"
+url = "2.5.2"
+lazy_static = "1.5.0"
+cedarling = { path = "../../cedarling" } # local path to cedarling
+
+[profile.release]
+strip = "debuginfo"
+

jans-cedarling/bindings/cedarling_php_rs/README.md

@@ -0,0 +1,49 @@
+# cedarling_ext_php_rs
+
+This example uses `ext-php-rs` https://crates.io/crates/ext-php-rs to create a PHP extension library from Rust code. Follow the steps below to install and build the library.
+
+## Steps to make it working
+
+NOTICE!!! Here is assumed that  your cedarling repository existed on the path: /var/www/html/cedarling/jans . If it is under the different path then you need to change prefixes on steps 1. and 4 to your correct ones.
+
+1. 
+
+   ```bash
+   cd /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_php_rs
+   ```
+
+2. 
+   Verify Rust installation by running:
+
+   ```bash
+   cargo --version
+   ```
+
+   If Rust is not installed, you can install it from [here](https://www.rust-lang.org/tools/install)
+   If Rust is installed but can not be accessed globally then perform command:
+   ```bash
+   export PATH="path_to_cargo_bin/.cargo/bin:$PATH" 
+   ```
+3. Build project
+   ```bash
+   cargo build
+   ```
+
+4. 
+   - Run test : 
+
+     ```bash
+     php -d extension=/var/www/html/cedarling/jans/jans-cedarling/target/debug/libcedarling_php_rs.so /var/www/html/cedarling/jans/jans-cedarling/bindings/cedarling_php_rs/test.php
+     ```
+
+5.      You can find php extension library on the path /var/www/html/cedarling/jans/jans-cedarling/target/debug/libcedarling_php_rs.so and use it by adding to php.ini. Typical example of using:
+
+$cedarling = new Cedarling();
+$access_token = "you_access_token";
+$id_token = "your_id_token";
+$org_id = "some_long_id";
+
+$result = $cedarling->authz($access_token, $id_token, $org_id);
+var_dump($result);
+
+

jans-cedarling/bindings/cedarling_php_rs/src/lib.rs

@@ -0,0 +1,73 @@
+#![cfg_attr(windows, feature(abi_vectorcall))]
+
+use ext_php_rs::prelude::*;
+use cedarling::{
+    BootstrapConfig, Cedarling as RustCedarling, JwtConfig, LogConfig, LogTypeConfig, PolicyStoreConfig,
+    PolicyStoreSource, Request, ResourceData,
+};
+use std::collections::HashMap;
+
+static POLICY_STORE_RAW: &str = include_str!("policy-store_ok.json");
+
+#[php_class]
+pub struct Cedarling {
+    cedarling: RustCedarling, // Wrap the Rust Cedarling instance
+}
+
+#[php_impl]
+impl Cedarling {
+    // Define the __construct method that PHP can use to instantiate the object
+    #[php_method]
+    pub fn __construct() -> PhpResult<Self> {
+        // Initialize the Cedarling instance with the BootstrapConfig
+        let cedarling = RustCedarling::new(BootstrapConfig {
+            application_name: "test_app".to_string(),
+            log_config: LogConfig {
+                log_type: LogTypeConfig::StdOut,
+            },
+            policy_store_config: PolicyStoreConfig {
+                source: PolicyStoreSource::Json(POLICY_STORE_RAW.to_string()),
+                store_id: None,
+            },
+            jwt_config: JwtConfig::Disabled,
+        }).map_err(|e| format!("Failed to initialize Cedarling: {:?}", e))?;
+
+        Ok(Cedarling { cedarling })
+    }
+
+    // PHP-exposed authorization method
+    pub fn authz(
+        &mut self,
+        access_token: &str,
+        id_token: &str,
+        org_id: &str,
+    ) -> PhpResult<String> {
+        // Perform the authorization logic
+        let result = self.cedarling.authorize(Request {
+            access_token: access_token.to_string(),
+            id_token: id_token.to_string(),
+            action: "Jans::Action::\"Update\"".to_string(),
+            context: serde_json::json!({}),
+            resource: ResourceData {
+                id: "random_id".to_string(),
+                resource_type: "Jans::Issue".to_string(),
+                payload: HashMap::from_iter([(
+                    "org_id".to_string(),
+                    serde_json::Value::String(org_id.to_string()),
+                )]),
+            },
+        });
+
+        // Return the result of authorization to PHP
+        match result {
+            Ok(auth_result) => Ok(format!("Authorization success: {}", auth_result.is_allowed())),
+            Err(e) => Err(format!("Authorization failed: {:?}", e).into()),
+        }
+    }
+}
+
+#[php_module]
+pub fn get_module(module: ModuleBuilder) -> ModuleBuilder {
+    module
+}
+