This repository houses the Go client library for Authzed.
Authzed is a database and service that stores, computes, and validates your application's permissions.
Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.
Supported client API versions:
You can find more info on each API on the Authzed API reference documentation. Additionally, Protobuf API documentation can be found on the Buf Registry Authzed API repository.
See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.
We highly recommend following the Protecting Your First App guide to learn the latest best practice to integrate an application with Authzed.
If you're interested in examples for a specific version of the API, they can be found in their respective folders in the examples directory.
If you're using a modern version of Go, run the following commands to add dependencies to your project:
go get github.com/authzed/authzed-go
go get github.com/authzed/grpcutil
grpcutil is not strictly required, but greatly reduces the boilerplate required to create a client in the general case.
The NewClient()
constructor is the recommended method for creating a client.
Because this library is using gRPC under the hood, you are free to leverage the wealth of functionality provided via DialOptions.
In order to successfully connect, you will have to provide a Bearer Token with your own API Token from the Authzed dashboard in place of t_your_token_here_1234567deadbeef
in the following example:
import (
"github.com/authzed/authzed-go/v0"
"github.com/authzed/grpcutil"
)
...
client, err := authzed.NewClient(
"grpc.authzed.com:443",
grpcutil.WithSystemCerts(grpcutil.VerifyCA),
grpcutil.WithBearerToken("t_your_token_here_1234567deadbeef"),
)
if err != nil {
log.Fatalf("unable to initialize client: %s", err)
}
Requests and response types are located in a package under proto/
respective to their API version.
Because of the verbosity of these types, we recommend writing your own functions/methods to create these types from your existing application's models.
import (
"github.com/authzed/authzed-go/proto/authzed/api/v0"
"github.com/authzed/authzed-go/v0"
"github.com/authzed/grpcutil"
)
...
emilia := &v0.User{UserOneof: &v0.User_Userset{Userset: &v0.ObjectAndRelation{
Namespace: "user",
ObjectId: "emilia",
Relation: "...",
}}}
post1Reader := &v0.ObjectAndRelation{Namespace: "post", ObjectId: "1", Relation: "read"}
// Is Emilia in the set of users that can read post #1?
resp, err := client.Check(ctx, &v0.CheckRequest{User: emilia, TestUserset: post1Reader})
if err != nil {
log.Fatalf("failed to check permission: %s", err)
}
if resp.GetMembership() == v0.CheckResponse_MEMBER {
log.Println("allowed!")
}