Crate openfga_client

Source
Expand description

§OpenFGA Rust Client

Crates.io License Tests

OpenFGA Rust Client is a type-safe client for OpenFGA with optional Authorization Model management and Authentication (Bearer or Client Credentials).

§Features

  • No dependency on protoc - Rust files are pre-generated.
  • Type-safe client for OpenFGA (gRPC) build on tonic
  • (JSON) Serialization and deserialization for Authorization Models in addition go protobuf Messages
  • Optional Authorization Model management with Migration hooks if tuples need to be re-written. Ideal for stateless deployments. State is managed exclusively in OpenFGA. This enables fully automated model management by your Application without blindly re-writing of Authorization Models on startup!
  • Optional Authentication (Bearer or Client Credentials) via the Middle Crate. (Feature: auth-middle)
  • Convenience functions like read_all_tuples (handles pagination), get_store_by_name and more.

§Usage

§Basic Usage

use openfga_client::client::OpenFgaServiceClient;
use tonic::transport::Channel;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let endpoint = "http://localhost:8080";
    let client = OpenFgaServiceClient::connect(endpoint).await?;

    // Use the client to interact with OpenFGA
    Ok(())
}

§Bearer Token Authentication (API-Key)

use openfga_client::client::BasicOpenFgaServiceClient;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let endpoint = "http://localhost:8080";
    let token = "your-bearer-token";
    let client = BasicOpenFgaServiceClient::new_with_basic_auth(endpoint, token)?;

    // Use the client to interact with OpenFGA
    Ok(())
}

§Client Credential Authentication

use openfga_client::client::BasicOpenFgaServiceClient;
use url::Url;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let endpoint = "http://localhost:8080";
    let client_id = "your-client-id";
    let client_secret = "your-client-secret";
    let token_endpoint = Url::parse("http://localhost:8080/token")?;
    let client = BasicOpenFgaServiceClient::new_with_client_credentials(endpoint, client_id, client_secret, &token_endpoint).await?;

    // Use the client to interact with OpenFGA
    Ok(())
}

§License

This project is licensed under the Apache-2.0 License. See the LICENSE file for details.

§Contributing

Contributions are welcome! Please open an issue or submit a pull request on GitHub.

Re-exports§

pub use prost_types;
pub use tonic;

Modules§

client
error
migration