SpiceDB Client for .NET, generated from authzed protobuf definitions
dotnet add package sains1.SpiceDbClient
The code below shows how to configure the clients using GRPC client factory in your Program.cs
. You probably only need the PermissionsServiceClient
to begin with.
// Program.cs
builder.Services.AddGrpcClient<PermissionsService.PermissionsServiceClient>(ConfigureSpiceDbGrpcClient)
.ConfigureChannel(ConfigureSpiceDbChannel);
builder.Services.AddGrpcClient<SchemaService.SchemaServiceClient>(ConfigureSpiceDbGrpcClient)
.ConfigureChannel(ConfigureSpiceDbChannel);
builder.Services.AddGrpcClient<ExperimentalService.ExperimentalServiceClient>(ConfigureSpiceDbGrpcClient)
.ConfigureChannel(ConfigureSpiceDbChannel);
builder.Services.AddGrpcClient<WatchService.WatchServiceClient>(ConfigureSpiceDbGrpcClient)
.ConfigureChannel(ConfigureSpiceDbChannel);
void ConfigureSpiceDbGrpcClient(IServiceProvider provider, GrpcClientFactoryOptions options)
{
// NOTE - Configure the SpiceDB address instead of hardcoding it
options.Address = new Uri("http://localhost:50051");
}
void ConfigureSpiceDbChannel(IServiceProvider provider, GrpcChannelOptions options)
{
var credentials = CallCredentials.FromInterceptor((context, metadata) =>
{
// NOTE - Configure the token instead of hardcoding it
const string token = "somerandomkeyhere";
metadata.Add("Authorization", $"Bearer {token}");
return Task.CompletedTask;
});
// NOTE - Configure TLS and don't use InsecureChannelCallCredentials in production
options.UnsafeUseInsecureChannelCallCredentials = true;
options.Credentials = ChannelCredentials.Create(ChannelCredentials.Insecure, credentials);
}
public class MyService
{
private readonly PermissionsService.PermissionsServiceClient _client { get; set; }
public MyService(PermissionsService.PermissionsServiceClient client)
{
_client = client;
}
public async Task<bool> CheckCanSeeThing(string userName, string thingName)
{
var permission = await _client.CheckPermissionAsync(new CheckPermissionRequest
{
Consistency = new Consistency
{
FullyConsistent = true
},
Subject = new SubjectReference
{
Object = new ObjectReference
{
ObjectType = "user",
ObjectId = userName
}
},
Permission = "can_see_thing",
Resource = new ObjectReference
{
ObjectType = "thing",
ObjectId = thingName
}
});
return permission.Permissionship == CheckPermissionResponse.Types.Permissionship.HasPermission;
}
}
-
Install buf from https://docs.buf.build/installation (or
npm install
) -
Find the updated dependency ids from the SpiceDB buf lockfile
-
Replace the authzed version and dependency commit ids in the package.json with those from the lockfile
-
Update package version in SpiceDbClient.csproj