A demonstration project showcasing how to implement OpenFGA (Fine-Grained Authorization) in .NET applications.
OpenFGA is an open-source Fine-Grained Authorization system based on Google's Zanzibar paper. It provides a flexible, high-performance authorization solution that can handle complex permission scenarios at scale.
Key features of OpenFGA:
- Relationship-based authorization model
- Scalable and efficient permission checking
- Support for complex authorization relationships
- Language-agnostic with multiple client SDKs
This demo shows how to:
- Integrate OpenFGA with a .NET application
- Define authorization models
- Create and manage authorization relationships
- Perform permission checks
The project implements a simple document management scenario where:
- Documents can have readers, writers, and owners
- Different users can be assigned different permission levels
- Authorization checks validate user access to documents
git clone https://github.com/DogusTeknoloji/OpenFGADemo.git
cd OpenFGADemo
The project includes a Docker Compose configuration to run the OpenFGA server locally with PostgreSQL:
cd docker
docker-compose up -d
This will start:
- PostgreSQL database on port 5432
- OpenFGA server on port 8080
- OpenFGA UI playground on port 3000
cd src/OpenFGADemo
dotnet run
By default, the application will run on https://localhost:7069 and http://localhost:5234.
The project includes several API endpoints demonstrating OpenFGA functionality:
GET /documents/list-store
PUT /documents/create-store
PUT /documents/create
POST /documents/assign?userId={userId}&documentId={documentId}&permission={permission}
Example:
POST /documents/assign?userId=alice&documentId=report.pdf&permission=reader
POST /documents/check
Content-Type: application/json
{
"userId": "alice",
"documentId": "report.pdf",
"permission": "reader"
}
This demo uses the OpenFGA .NET SDK to interact with an OpenFGA server. The application:
- Connects to the OpenFGA server using the client configuration in Program.cs
- Defines an authorization model in Models/AuthorizationModel.cs
- Provides APIs to manage and check permissions in Controllers/DocumentsController.cs
The demo uses a simple model with users and documents:
type user
type document
  relations
    define reader: [user]
    define writer: [user]
    define owner: [user]
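Because every relation in this model is directly assigned (`[user]` only), an owner is not automatically a reader or writer. The following added example (not code from the project) is an in-memory stand-in for the model that shows this, and validates the `userId`, `documentId` and `permission` parameters of `/documents/assign` before a tuple is built. The `user:` and `document:` prefixes follow OpenFGA's `type:id` convention; the identifier pattern and all class and method names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example: an in-memory stand-in for the demo's model, not the OpenFGA SDK.
public static class TupleDemo
{
    // Relations defined on `document` in the model above.
    static readonly HashSet<string> Relations = new() { "reader", "writer", "owner" };

    // Assumed id policy: reject ':', '#', '*' and whitespace, which carry meaning in tuple syntax.
    static readonly Regex Id = new(@"^[A-Za-z0-9._-]{1,128}\z");

    // Constructed store of (user, relation, object) tuples.
    static readonly HashSet<(string User, string Relation, string Object)> Tuples = new();

    public static (string User, string Relation, string Object) BuildTuple(
        string userId, string documentId, string permission)
    {
        if (!Id.IsMatch(userId)) throw new ArgumentException("invalid userId");
        if (!Id.IsMatch(documentId)) throw new ArgumentException("invalid documentId");
        if (!Relations.Contains(permission)) throw new ArgumentException("unknown permission");
        return ($"user:{userId}", permission, $"document:{documentId}");
    }

    public static void Assign(string u, string d, string p) => Tuples.Add(BuildTuple(u, d, p));

    // Every relation is `[user]` only, so a check is an exact tuple match.
    public static bool Check(string u, string d, string p) => Tuples.Contains(BuildTuple(u, d, p));

    public static void Main()
    {
        Assign("alice", "report.pdf", "reader");
        Assign("bob", "report.pdf", "owner");
        Console.WriteLine(Check("alice", "report.pdf", "reader")); // direct tuple exists
        Console.WriteLine(Check("bob", "report.pdf", "reader"));   // owner does not imply reader

        // Constructed inputs that must never reach a tuple write.
        foreach (var bad in new[] { ("*", "report.pdf", "reader"),
                                    ("alice", "report.pdf#owner", "reader"),
                                    ("alice", "report.pdf", "admin") })
        {
            try { Assign(bad.Item1, bad.Item2, bad.Item3); }
            catch (ArgumentException e) { Console.WriteLine($"rejected: {e.Message}"); }
        }
    }
}
```

If owners should also read and write, either write the additional tuples explicitly or extend the model so the lower relations include the higher ones.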
- /docker - Docker Compose setup for OpenFGA and PostgreSQL
- /src - .NET application source code
- /Controllers - API controllers
- /Models - Authorization model definitions
- .NET 9.0
- OpenFGA SDK for .NET
- Docker & Docker Compose
- PostgreSQL
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.