Auth0.Fga 0.2.3

The ID prefix of this package has been reserved for one of the owners of this package by NuGet.org. Prefix Reserved
.NET 6.0
Suggested Alternatives

OpenFga.Sdk

Additional Details

Ever since OpenFGA was open sourced, our development efforts shifted to focus OpenFga.Sdk (OpenFga.Sdk). With time, we have decided to deprecate this package and ask users of this package to use the OpenFga.Sdk directly.

The OpenFGA Client comes with additional benefits, like the `BatchCheck`, `ListRelations` and non-transactional `Write` methods.

Transitioning should be fairly straight-forward with only a few changes needed.

To configure the OpenFGA SDK to talk to the Auth0/Okta FGA `us1` production API, use the following settings:
- API URL: https://api.us1.fga.dev/
- Credential Method: ClientCredentials
- API Token Issuer: fga.us.auth0.com
- API Audience: https://api.us1.fga.dev/

Learn more here: https://docs.fga.dev/integration/setup-sdk-client
Read the OpenFGA .NET SDK docs here: https://github.com/openfga/dotnet-sdk

There is a newer version of this package available.
See the version list below for details. 
dotnet add package Auth0.Fga --version 0.2.3
NuGet\Install-Package Auth0.Fga -Version 0.2.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Auth0.Fga" Version="0.2.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add Auth0.Fga --version 0.2.3
#r "nuget: Auth0.Fga, 0.2.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install Auth0.Fga as a Cake Addin
#addin nuget:?package=Auth0.Fga&version=0.2.3

// Install Auth0.Fga as a Cake Tool
#tool nuget:?package=Auth0.Fga&version=0.2.3

.NET SDK for Auth0 Fine Grained Authorization (FGA)

This is an autogenerated SDK for Auth0 Fine Grained Authorization (FGA). It provides a wrapper around the Auth0 Fine Grained Authorization API.

Warning: This SDK comes with no SLAs and is not production-ready!

Table of Contents

About Auth0 Fine Grained Authorization

Auth0 Fine Grained Authorization (FGA) is the early-stage product we are building at Auth0 as part of Auth0Lab to solve fine-grained authorization at scale. If you are interested in learning more about our plans, please reach out via our <a target="_blank" href="https://discord.gg/8naAwJfWN6" rel="noreferrer">Discord chat</a>.

Please note:

  • At this point in time, Auth0 Fine Grained Authorization does not come with any SLAs; availability and uptime are not guaranteed.
  • While this project is in its early stages, the SDK methods are in flux and might change without a major bump

Resources

Installation

The Auth0 FGA .NET SDK is available on NuGet.

You can install it using:

dotnet add package Auth0.Fga

Install-Package Auth0.Fga

Search for and install Auth0.Fga in each of their respective package manager UIs.

Getting Started

Initializing the API Client

using Auth0.Fga.Api;
using Auth0.Fga.Client;
using Auth0.Fga.Configuration;
using Auth0.Fga.Model;

namespace Example {
    public class Example {
        public static void Main() {
            try {
                var storeId = Environment.GetEnvironmentVariable("AUTH0_FGA_STORE_ID");
                var environment = Environment.GetEnvironmentVariable("AUTH0_FGA_ENVIRONMENT")
                var configuration = new Configuration(storeId, environment) {
                    ClientId = Environment.GetEnvironmentVariable("AUTH0_FGA_CLIENT_ID"),
                    ClientSecret = Environment.GetEnvironmentVariable("AUTH0_FGA_CLIENT_SECRET"),
                };
                var auth0FgaApi = new Auth0FgaApi(configuration);
                var response = auth0FgaApi.ReadAuthorizationModels();
                Debug.WriteLine(response.AuthorizationModelIds);
            } catch (ApiException e) {
                 Debug.Print("Status Code: "+ e.ErrorCode);
            }
        }
    }
}

Getting your Store ID, Client ID and Client Secret

Production

Make sure you have created your credentials on the Auth0 FGA Dashboard. Learn how ➡

You will need to set the AUTH0_FGA_ENVIRONMENT variable to "us". Provide the store id, client id and client secret you have created on the Dashboard.

Playground

If you are testing this on the public playground, you need to set your AUTH0_FGA_ENVIRONMENT to "playground".

To get your store id, you may copy it from the store you have created on the Playground. Learn how ➡

In the playground environment, you do not need to provide a client id and client secret.

Calling the API

Write Authorization Model

[API Documentation](https://docs.fga.dev/api/service#/Store Models/auth0_fga_WriteAuthorizationModel)

Note: To learn how to build your authorization model, check the Docs at https://docs.fga.dev/

Note: The Auth0 FGA Playground, Dashboard and Documentation use a friendly syntax which gets translated to the API syntax seen below. Learn more about the Auth0 FGA configuration language.

var relations = new Dictionary<string, Userset>()
{
    {"writer", new Userset(_this: new object())},
    {
        "reader",
        new Userset(union: new Usersets(new List<Userset>()
            {new(new object(), new ObjectRelation("", "writer"))}))
    }
};
var body = new TypeDefinitions(new List<TypeDefinition>() {new("repo", relations)});
var response = await auth0FgaApi.WriteAuthorizationModel(body);

// response.AuthorizationModelId = 1uHxCSuTP0VKPYSnkq1pbb1jeZw
Read a Single Authorization Model

[API Documentation](https://docs.fga.dev/api/service#/Store Models/auth0_fga_ReadAuthorizationModel)

string authorizationModelId = "1uHxCSuTP0VKPYSnkq1pbb1jeZw"; // Assuming `1uHxCSuTP0VKPYSnkq1pbb1jeZw` is an id of an existing model
var response = await auth0FgaApi.ReadAuthorizationModel(authorizationModelId);

// response.AuthorizationModel.Id = "1uHxCSuTP0VKPYSnkq1pbb1jeZw"
// response.AuthorizationModel.TypeDefinitions = [{ "type": "repo", "relations": { ... } }]
Read Authorization Model IDs

[API Documentation](https://docs.fga.dev/api/service#/Store Models/auth0_fga_ReadAuthorizationModels)

var response = await auth0FgaApi.ReadAuthorizationModels();

// response.AuthorizationModelIds = ["1uHxCSuTP0VKPYSnkq1pbb1jeZw", "GtQpMohWezFmIbyXxVEocOCxxgq"];
Check

API Documentation

var body =
    new CheckRequestParams(tupleKey: new TupleKey("repo:auth0/express-jwt", "reader", "anne"));
var response = await auth0FgaApi.Check(body);
// response.Allowed = true
Write Tuples

API Documentation

var body = new WriteRequestParams(new TupleKeys(new List<TupleKey>
    {new("repo:auth0/express-jwt", "reader", "anne")}));
var response = await auth0FgaApi.Write(body);
Delete Tuples

API Documentation

var body = new WriteRequestParams(new TupleKeys(new List<TupleKey> { }),
    new TupleKeys(new List<TupleKey> {new("repo:auth0/express-jwt", "reader", "anne")}));
var response = await auth0FgaApi.Write(body);
Expand

API Documentation

var body = new ExpandRequestParams(new TupleKey("repo:auth0/express-jwt", "reader"));
var response = await auth0FgaApi.Expand(body);

// response.Tree.Root = {"name":"workspace:675bcac4-ad38-4fb1-a19a-94a5648c91d6#admin","leaf":{"users":{"users":["anne","beth"]}}}
Read

API Documentation

// Find if a relationship tuple stating that a certain user is an admin on a certain workspace
var body = new ReadRequestParams(new TupleKey(
    _object: "workspace:675bcac4-ad38-4fb1-a19a-94a5648c91d6",
    relation: "admin",
    user: "81684243-9356-4421-8fbf-a4f8d36aa31b"));

// Find all relationship tuples where a certain user has a relationship as any relation to a certain workspace
var body = new ReadRequestParams(new TupleKey(
    _object: "workspace:675bcac4-ad38-4fb1-a19a-94a5648c91d6",
    user: "81684243-9356-4421-8fbf-a4f8d36aa31b"));

// Find all relationship tuples where a certain user is an admin on any workspace
var body = new ReadRequestParams(new TupleKey(
    _object: "workspace:",
    relation: "admin",
    user: "81684243-9356-4421-8fbf-a4f8d36aa31b"));

// Find all relationship tuples where any user has a relationship as any relation with a particular workspace
var body = new ReadRequestParams(new TupleKey(
    _object: "workspace:675bcac4-ad38-4fb1-a19a-94a5648c91d6"));

var body = new ReadRequestParams(new TupleKey("repo:auth0/express-jwt", "reader", "anne"));
var response = await auth0FgaApi.Read(body);

// In all the above situations, the response will be of the form:
// response = {"tuples":[{"key":{"user":"...","relation":"...","object":"..."},"timestamp":"..."}]}
Read Changes (Watch)

API Documentation

var type = 'workspace';
var pageSize = 25;
var continuationToken = 'eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==';

var response = await auth0FgaApi.ReadChanges(type, pageSize, continuationToken);

// response.continuation_token = ...
// response.changes = [
//   { tuple_key: { user, relation, object }, operation: "write", timestamp: ... },
//   { tuple_key: { user, relation, object }, operation: "delete", timestamp: ... }
// ]

API Endpoints

Method HTTP request Description
Check POST /stores/{store_id}/check Check whether a user is authorized to access an object
DeleteTokenIssuer DELETE /stores/{store_id}/settings/token-issuers/{id} Remove 3rd party token issuer for Auth0 FGA read and write operations
Expand POST /stores/{store_id}/expand Expand all relationships in userset tree format, and following userset rewrite rules. Useful to reason about and debug a certain relationship
Read POST /stores/{store_id}/read Get tuples from the store that matches a query, without following userset rewrite rules
ReadAssertions GET /stores/{store_id}/assertions/{authorization_model_id} Read assertions for an authorization model ID
ReadAuthorizationModel GET /stores/{store_id}/authorization-models/{id} Return a particular version of an authorization model
ReadAuthorizationModels GET /stores/{store_id}/authorization-models Return all the authorization model IDs for a particular store
ReadChanges GET /stores/{store_id}/changes Return a list of all the tuple changes
ReadSettings GET /stores/{store_id}/settings Return store settings, including the environment tag
Write POST /stores/{store_id}/write Add or delete tuples from the store
WriteAssertions PUT /stores/{store_id}/assertions/{authorization_model_id} Upsert assertions for an authorization model ID
WriteAuthorizationModel POST /stores/{store_id}/authorization-models Create a new authorization model
WriteSettings PATCH /stores/{store_id}/settings Update the environment tag for a store
WriteTokenIssuer POST /stores/{store_id}/settings/token-issuers Add 3rd party token issuer for Auth0 FGA read and write operations

Models

Contributing

Issues

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

For auth0 related questions/support please use the Support Center.

Pull Requests

Pull Requests are not currently open, please raise an issue or contact a team member on https://discord.gg/8naAwJfWN6 if there is a feature you'd like us to implement.

Author

Auth0Lab

License

This project is licensed under the MIT license. See the LICENSE file for more info.

The code in this repo was auto generated by OpenAPI Generator from a template based on the csharp-netcore template, licensed under the Apache License 2.0.

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net6.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
0.6.0 87 2/23/2024
0.5.1 288 5/1/2023
0.5.0 293 12/20/2022
0.4.0 766 10/13/2022
0.3.1 585 6/10/2022
0.3.0 420 6/7/2022
0.2.4 600 4/10/2022
0.2.3 419 4/9/2022
0.2.2 416 3/17/2022
0.2.1 429 3/11/2022
0.2.0 432 3/11/2022

https://github.com/auth0-lab/fga-dotnet-sdk/blob/main/CHANGELOG.md