/openfga

A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar

Primary LanguageGoApache License 2.0Apache-2.0

OpenFGA

GitHub release (latest SemVer) Container Image Downloads License Codecov Snyk Vulnerabilities for GitHub Repo Discord Server Twitter

A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar.

OpenFGA is designed to make it easy for developers to model their application permissions, and to add and integrate fine-grained authorization into their applications.

Getting Started

The following section is intended to help you get started quickly. For more in-depth information, please take a look at our official Documentation.

Setup and Installation

ℹ️ The following sections setup an OpenFGA server using the default configuration values. These are intended for rapid development and not for a production environment.

For more information on how to configure the OpenFGA server, please take a look at our official documentation on Configuring OpenFGA or our Production Checklist.

Docker Compose

docker-compose.yaml provides an example of how to setup OpenFGA using Docker, and it's a great way to get started quickly.

➜ docker-compose up openfga

Pre-compiled Binaries

Download the latest release for your platform and extract it. Then run the binary with the command:

➜ ./bin/openfga

Source

Make sure you have Go 1.18 or later installed. See the Go downloads page.

You can install from source using Go modules (make sure $GOBIN is on your shell $PATH).

➜ export PATH=$PATH:$(go env GOBIN)
➜ go install github.com/openfga/openfga/cmd/openfga

Or you can build it with the source by cloning the project first and then building it.

➜ git clone https://github.com/openfga/openfga.git && cd openfga
➜ go build cmd/openfga/openfga.go

➜ ./openfga

Verifying the Installation

Now that you have Setup and Installed OpenFGA, you can test your installation by creating an OpenFGA Store.

curl -X POST 'localhost:8080/stores' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "openfga-demo"
}'

If everything is running correctly you should get a response with information about the newly created store, for example:

{
    "id": "01G3EMTKQRKJ93PFVDA1SJHWD2",
    "name": "openfga-demo",
    "created_at": "2022-05-19T17:11:12.888680Z",
    "updated_at": "2022-05-19T17:11:12.888680Z"
}

Next Steps

Take a look at examples of how to:

Don't hesitate to browse the official Documentation, API Reference.

Production Readiness

The core OpenFGA service is used by Auth0 FGA, and it has been used in production since December 2021.

OpenFGA's PostgreSQL Storage Adapter was built specifically for OpenFGA and does not have production usage yet.

The OpenFGA team will do its best to address all production issues with high priority.

Contributing

See CONTRIBUTING.