Skip to content
@openfga

OpenFGA

OpenFGA is a flexible Authorization system inspired by Google's Zanzibar, designed for reliability and low latency at scale. OpenFGA is a CNCF Sandbox Project.

Introducing: OpenFGA 👋

Join our community Twitter CLOMonitor OpenFGA YouTube Channel

OpenFGA is a high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. It incorporates powerful Relationship-Based Access Control (ReBAC) and Attribute Based Access Control (ABAC) concepts with a domain-specific language that makes it easy to craft authorization and permission solutions that can grow and evolve to any use case, at any scale.

OpenFGA was originally developed by Auth0/Okta, and donated to the Cloud Native Computing Foundation on September 14, 2022, and is currently at the Sandbox level of graduation.


🙋‍♀️ What's OpenFGA all about?

This community wants to solve authorization for everyone, regardless of the scale or complexity required for any given piece of software, and we think OpenFGA's design is the way to do it. In particular, the fine-grained authorization approach which OpenFGA incorporates is becoming an increasingly critical element of access control in software:

  • Collaboration and social features are things users expect. These features range from the ‘Share’ button where users proactively grant specific permissions to a set of users for a specific resource, to ‘Request Access’ workflows that allows users to reactively grant access on demand. These features are useful both for business-related assets such as documents or project boards, as well as social sharing of personal content like photo albums, social media posts, and even IoT devices. OpenFGA makes these scenarios easy to build and govern.

  • Traditional Role-Based Access Control (RBAC) solutions become difficult to administer and scale, but fine-grained approaches like OpenFGA can create authorization models that are still easy to understand and visualize for complex authorization patterns.

  • Security, compliance, and privacy are mandatory problems to solve for any software application from day one, and authorization is a big part of any solution. In fact, the top 2021 OWASP risk is broken access control.


💡Why is it important to centralize authorization?

Centralizing your authorization logic and decisions into a single service that has the flexibility to handle use cases across your different products gives you distinct advantages:

  • Deliver faster: You’ll be able to ship features and products faster, as the system should be easily extensible to new requirements.
  • Simplify authorization policy auditing: Explicit authorization rules are easier to audit by internal and external parties.
  • Simplify access control auditing: The authorization service generates logs for all operations out-of-the-box, both reads and writes
  • Lower operational costs: Having a single authorization system makes it simpler to manage.
  • Simpler to switch teams: Developers can use the same authorization concepts and APIs regardless of the team they work on.

🛠️ Developer Tooling

OpenFGA has high quality developer tooling, including:


👩‍💻 Useful resources

Pinned Loading

  1. community community Public

    The Community repository is the place to go for OpenFGA support

    27 32

  2. openfga openfga Public

    A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar

    Go 2.9k 205

  3. go-sdk go-sdk Public

    OpenFGA SDK for Go

    Go 64 28

  4. js-sdk js-sdk Public

    OpenFGA SDK for node.js and JavaScript - https://www.npmjs.com/package/@openfga/sdk

    TypeScript 51 14

  5. dotnet-sdk dotnet-sdk Public

    OpenFGA SDK for .NET - https://www.nuget.org/packages/OpenFga.Sdk

    C# 49 7

  6. openfga.dev openfga.dev Public

    OpenFGA website and documentation

    TypeScript 37 62

Repositories

Showing 10 of 28 repositories