Biscuit is an open-source, token-based authorization system.

With Biscuit, you can:

  • allow decentralized verification through public key cryptography
  • allow offline attenuation where, from each token, a new one with narrower rights can be generated
  • create strong security policy enforcement based on a logic language

Biscuit can be used with the command line and support is available in Rust, Haskell, Go, Java, WebAssembly and C.