ofga is a wrapper library for conveniently interacting with OpenFGA instances.
OpenFGA is an open-source Fine-Grained Authorization (FGA) solution that provides a framework and set of tools for implementing fine-grained access control and permission management in applications.
This Go library builds upon the default OpenFGA client by providing a more convenient and streamlined interface. It simplifies common interactions with OpenFGA instances, offering an alternative API that implements a commonly-used set of opinionated operations.
Install the library using the following command:

    go get -u github.com/canonical/ofga

Import the library in your code:

    import "github.com/canonical/ofga"

Create a new ofga client and handle any errors:

    ctx := context.Background()
    // Create a new ofga client. Connection settings and the API token are
    // read from the environment rather than hard-coded.
    client, err := ofga.NewClient(ctx, ofga.OpenFGAParams{
        Scheme:      os.Getenv("OPENFGA_API_SCHEME"),    // defaults to `https` if not specified.
        Host:        os.Getenv("OPENFGA_API_HOST"),
        Port:        os.Getenv("OPENFGA_API_PORT"),
        Token:       os.Getenv("SECRET_TOKEN"),          // Optional, based on the OpenFGA instance configuration.
        StoreID:     os.Getenv("OPENFGA_STORE_ID"),      // Required only when connecting to a pre-existing store.
        AuthModelID: os.Getenv("OPENFGA_AUTH_MODEL_ID"), // Required only when connecting to a pre-existing auth model.
    })
    if err != nil {
        // Handle error
    }

Use the client to interact with OpenFGA instances based on your requirements. For example:

    err = client.AddRelation(ctx, ofga.Tuple{
        Object:   &ofga.Entity{Kind: "user", ID: "123"},
        Relation: "editor",
        Target:   &ofga.Entity{Kind: "document", ID: "ABC"},
    })
    if err != nil {
        // Handle error
    }

Use the client to check for relations:

    allowed, err := client.CheckRelation(ctx, ofga.Tuple{
        Object:   &ofga.Entity{Kind: "user", ID: "123"},
        Relation: "viewer",
        Target:   &ofga.Entity{Kind: "document", ID: "ABC"},
    })
    if err != nil {
        // Handle error and stop: a failed check must not fall through to the action.
    }
    if !allowed {
        // Permission denied
    }
    // Perform action

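
The check above protects the action only if both an error and a denial stop execution. The following is an added example, not code from the ofga project, of a fail-closed guard around `CheckRelation`. `Entity`, `Tuple`, `relationChecker`, `checkFunc` and `authorize` are local stand-ins and hypothetical names modelled on the snippets above, so it runs without the library or an OpenFGA server.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Stand-ins shaped like the ofga.Entity / ofga.Tuple literals above (assumption),
// so this compiles without the library or a running OpenFGA instance.
type Entity struct{ Kind, ID string }
type Tuple struct {
	Object, Target *Entity
	Relation       string
}

// relationChecker is the single client method the guard depends on (hypothetical name).
type relationChecker interface {
	CheckRelation(ctx context.Context, t Tuple) (bool, error)
}

// checkFunc adapts a plain function to relationChecker (constructed test double).
type checkFunc func(Tuple) (bool, error)

func (f checkFunc) CheckRelation(_ context.Context, t Tuple) (bool, error) { return f(t) }

var ErrDenied = errors.New("permission denied")

// authorize (hypothetical helper) runs action only after a clean, positive check.
func authorize(ctx context.Context, c relationChecker, t Tuple, action func() error) error {
	allowed, err := c.CheckRelation(ctx, t)
	if err != nil {
		// Unreachable server, rejected token, unknown model: deny, but keep the cause.
		return fmt.Errorf("%w: check failed: %v", ErrDenied, err)
	}
	if !allowed {
		return ErrDenied
	}
	return action()
}

func main() {
	// Constructed backend: exact match on the "editor" relation only, no model evaluation.
	c := checkFunc(func(t Tuple) (bool, error) { return t.Relation == "editor", nil })
	view := Tuple{Object: &Entity{"user", "123"}, Relation: "viewer", Target: &Entity{"document", "ABC"}}
	fmt.Println(authorize(context.Background(), c, view, func() error { return nil }))
}
```

Callers can test the result with `errors.Is(err, ErrDenied)` to return a uniform denial to the user while logging the wrapped cause.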
The documentation for this package can be found on pkg.go.dev.
If you encounter any issues or have suggestions for improvements, please open an issue on the GitHub repository.