A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar.
OpenFGA is designed to make it easy for developers to model their application permissions, and to add and integrate fine-grained authorization into their applications.
The following section is intended to help you get started quickly. For more in-depth information, please take a look at our official Documentation.
ℹ️ The following sections setup an OpenFGA server using the default configuration values. These are intended for rapid development and not for a production environment.
For more information on how to configure the OpenFGA server, please take a look at our official documentation on Configuring OpenFGA or our Production Checklist.
docker-compose.yaml
provides an example of how to setup OpenFGA using Docker, and it's a great way to get started quickly.
➜ docker-compose up openfga
Download the latest release for your platform and extract it. Then run the binary with the command:
➜ ./bin/openfga
Make sure you have Go 1.18 or later installed. See the Go downloads page.
You can install from source using Go modules (make sure $GOBIN
is on your shell $PATH
).
➜ export PATH=$PATH:$(go env GOBIN)
➜ go install github.com/openfga/openfga/cmd/openfga
Or you can build it with the source by cloning the project first and then building it.
➜ git clone https://github.com/openfga/openfga.git && cd openfga
➜ go build cmd/openfga/openfga.go
➜ ./openfga
Now that you have Setup and Installed OpenFGA, you can test your installation by creating an OpenFGA Store.
curl -X POST 'localhost:8080/stores' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "openfga-demo"
}'
If everything is running correctly you should get a response with information about the newly created store, for example:
{
"id": "01G3EMTKQRKJ93PFVDA1SJHWD2",
"name": "openfga-demo",
"created_at": "2022-05-19T17:11:12.888680Z",
"updated_at": "2022-05-19T17:11:12.888680Z"
}
Take a look at examples of how to:
Don't hesitate to browse the official Documentation, API Reference.
The core OpenFGA service is used by Auth0 FGA, and it has been used in production since December 2021.
OpenFGA's PostgreSQL Storage Adapter was built specifically for OpenFGA and does not have production usage yet.
The OpenFGA team will do its best to address all production issues with high priority.
See CONTRIBUTING.