Skip to content

Protecting pages

Protecting pages

Protecting pages is easy with Kilpi. Pages are easy to protect based on

An explicit policy, e.g. await Kilpi.authorize("my:policy").
According to data accessed on the page, e.g. await listDocuments.protect() (using protected queries).

Use Kilpi.onUnauthorized to redirect to users away from page to any other page.

See example below for Next.js applications.

export default async function Page() {
  Kilpi.onUnauthorized(() => redirect("/login"));

  // (a) Authorize user to page
  await Kilpi.authorize("my:policy");

  // (b) Allow only if has access to data on page (using protected queries)
  const doc = await listDocuments.protect()

  return <div>...</div>
}

Home Docs Articles

Getting started

Introduction Quickstart Project structure Examples Gradual adoption Support development Usage on client

Installation

Express Hono Koa Nest.js Next Oak

Concepts

Authorization object Hooks Plugin Policy Protected query Scope Subject

Guides

Protection basics Apply to UI Protecting actions Protecting pages Protecting queries

Reference

createKilpi createKilpiClient

Plugins

Audit Plugin Endpoint Plugin React Client Plugin React RSC Plugin

Advanced

ABAC RBAC ReBAC Permissions