$ go get github.com/zeiss/fiber-authz
- OpenFGA
- Team-based access control
- Role-based access control
- Noop (for testing)
Any authorization model can be implemented by implementing the Authorizer
interface.
Using OpenAPI Extensions individual operations can be protected with OpenFGA.
x-fiber-authz-fga:
user:
namespace: user
auth_type: oidc
relation:
name: admin
object:
namespace: system
components:
- in: params
name: teamId
There are three parts to the OpenAPI extension:
user
- The user namespace and authentication type.relation
- The relation name.object
- The object namespace and components.
Then there are components to construct the relation or object.
in
- The location of the component (e.g.path
).name
- The name of the component (e.g.teamId
).type
- The type of the component (e.g.string
).
See examples to understand the provided interfaces.