Affected by 
README
¶
OpenFGA
A high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar.
OpenFGA is designed to make it easy for developers to model their application permissions and add and integrate fine-grained authorization into their applications.
Getting Started
The following section aims to help you get started quickly. Please look at our official documentation for in-depth information.
Setup and Installation
ℹ️ The following sections setup an OpenFGA server using the default configuration values. These are for rapid development and not for a production environment.
For more information on how to configure the OpenFGA server, please take a look at our official documentation on Configuring OpenFGA or our Production Checklist.
Docker
Given OpenFGA is available on Dockerhub you can quickly start it using the in-memory datastore by running the following command:
docker run -p 8080:8080 openfga/openfga:latest
Docker Compose
docker-compose.yaml provides an example of how to launch OpenFGA using docker compose. It launches PostgreSQL too, but it's not wired up to use it as a datastore yet:
docker compose up openfga
If you haven't cloned the repository you can get the docker-compose.yaml file with the following command:
curl -LO https://openfga.dev/docker-compose.yaml
Pre-compiled Binaries
Download your platform's latest release and extract it. Then run the binary with the command:
./bin/openfga run
Source
Make sure you have Go 1.18 or later installed. See the Go downloads page.
You can install from source using Go modules (make sure $GOBIN is on your shell $PATH).
export PATH=$PATH:$(go env GOBIN)
Then:
go install github.com/openfga/openfga/cmd/openfga
Or you can build it with the source by cloning the project and then building it.
git clone https://github.com/openfga/openfga.git && cd openfga
go build cmd/openfga/openfga.go
./openfga
Verifying the Installation
Now that you have Setup and Installed OpenFGA, you can test your installation by creating an OpenFGA Store.
curl -X POST 'localhost:8080/stores' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "openfga-demo"
}'
If everything is running correctly, you should get a response with information about the newly created store, for example:
{
"id": "01G3EMTKQRKJ93PFVDA1SJHWD2",
"name": "openfga-demo",
"created_at": "2022-05-19T17:11:12.888680Z",
"updated_at": "2022-05-19T17:11:12.888680Z"
}
Next Steps
Take a look at examples of how to:
- Write an Authorization Model
- Write Relationship Tuples
- Perform Authorization Checks
- Add Authentication to your OpenFGA server
Don't hesitate to browse the official Documentation, API Reference.
Production Readiness
The core OpenFGA service has been in use by Auth0 FGA in production since December 2021.
OpenFGA's PostgreSQL Storage Adapter was purposely built for OpenFGA and does not have production usage yet.
The OpenFGA team will do its best to address all production issues with high priority.
Contributing
See CONTRIBUTING.
Directories