Fga.Net.AspNetCore
0.2.0-alpha
See the version list below for details.
dotnet add package Fga.Net.AspNetCore --version 0.2.0-alpha
NuGet\Install-Package Fga.Net.AspNetCore -Version 0.2.0-alpha
<PackageReference Include="Fga.Net.AspNetCore" Version="0.2.0-alpha" />
paket add Fga.Net.AspNetCore --version 0.2.0-alpha
#r "nuget: Fga.Net.AspNetCore, 0.2.0-alpha"
// Install Fga.Net.AspNetCore as a Cake Addin #addin nuget:?package=Fga.Net.AspNetCore&version=0.2.0-alpha&prerelease // Install Fga.Net.AspNetCore as a Cake Tool #tool nuget:?package=Fga.Net.AspNetCore&version=0.2.0-alpha&prerelease
Auth0 FGA for .NET & ASP.NET Core
Please ensure you have a basic understanding of how FGA works before continuing: https://docs.fga.dev/
Note: This project is an early alpha and is subject to breaking changes without notice.
ASP.NET Core Setup
Before getting started, ensure you have a Store ID, Client ID, and Client Secret ready from How to get your API keys.
I'm also assuming you have authentication setup within your project, such as JWT bearer authentication via Auth0.
- Install
Fga.Net.AspNetCore
from Nuget. - Add your
StoreId
,ClientId
andClientSecret
to your application configuration, ideally via the dotnet secrets manager. - Add the following code to your ASP.NET Core configuration:
// Registers FgaAuthenticationClient & FgaAuthorizationClient, and the authorization handler
builder.Services.AddAuth0Fga(x =>
{
x.ClientId = builder.Configuration["Auth0Fga:ClientId"];
x.ClientSecret = builder.Configuration["Auth0Fga:ClientSecret"];
x.StoreId = builder.Configuration["Auth0Fga:StoreId"];
});
// Register the authorization policy
builder.Services.AddAuthorization(options =>
{
options.AddPolicy(FgaAuthorizationDefaults.PolicyKey, p => p.RequireAuthenticatedUser().AddFgaRequirement());
});
- Create an authorization attribute that inherits from
ComputedAuthorizationAttribute
. From here, you can pull metadata you require to perform your tuple checks out of the HTTP request. For example, an equivalent to the How To Integrate Within A Framework example would be:
public class EntityAuthorizationAttribute : ComputedAuthorizationAttribute
{
private readonly string _prefix;
private readonly string _routeValue;
public EntityAuthorizationAttribute(string prefix, string routeValue)
{
_prefix = prefix;
_routeValue = routeValue;
}
public override ValueTask<string> GetUser(HttpContext context)
{
return ValueTask.FromResult(context.User.Identity!.Name!);
}
public override ValueTask<string> GetRelation(HttpContext context)
{
return ValueTask.FromResult(context.Request.Method switch
{
"GET" => "viewer",
"POST" => "writer",
_ => "owner"
});
}
public override ValueTask<string> GetObject(HttpContext context)
{
return ValueTask.FromResult($"{_prefix}:{context.GetRouteValue(_routeValue)}");
}
}
- Apply the
Authorize
andEntityAuthorization
attributes to your controller(s):
[ApiController]
[Route("[controller]")]
[Authorize(FgaAuthorizationDefaults.PolicyKey)]
public class DocumentController : ControllerBase
{
[HttpGet("view/{documentId}")]
[EntityAuthorization("doc", "documentId")]
public string GetByConvention(string documentId)
{
return documentId;
}
}
If you need to manually perform checks, inject the IFgaAuthorizationClient
as required.
An additional pre-made attribute that allows all tuple values to be hardcoded strings ships with the package (StringComputedAuthorizationAttribute
). This attrbute is useful for testing and debug purposes, but should not be used in a real application.
Worker Service / Generic Host setup
Full docs coming soon.
Fga.Net
ships with the AddAuth0FgaAuthenticationClient
and AddAuth0FgaAuthorizationClient
service collection extensions that should be self-explanatory. To use the authorization client, both clients must be registered.
Standalone client setup
Seriously consider if you need to run a standalone client before picking this option.
- Install
Fga.Net
- Create the authorization client as below:
var client = FgaAuthorizationClient.Create(FgaAuthenticationClient.Create(), new FgaClientConfiguration()
{
ClientId = args[0],
ClientSecret = args[1],
StoreId = args[2]
});
var response = await client.CheckAsync(new CheckTupleRequest()
{
TupleKey = new TupleKey()
{
User = "",
Relation = "",
Object = ""
}
});
Internal Cache
The FgaTokenCache
will cache the FGA authorization token until 15 minutes before expiry. This is not currently customizable.
This cache is automatically enabled if you use any of the DI extensions, as well as FgaAuthorizationClient.Create
.
Disclaimer
I am not affiliated with nor represent Auth0. All support queries regarding the underlying service should go to the Auth0 Labs Discord.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- Fga.Net (>= 0.2.0-alpha)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.2.0 | 17,716 | 4/9/2024 |
1.1.0 | 9,770 | 1/5/2024 |
1.0.0 | 291 | 12/18/2023 |
1.0.0-beta.1 | 12,614 | 5/29/2023 |
0.9.0-alpha | 148 | 4/14/2023 |
0.8.0-alpha | 267 | 1/3/2023 |
0.7.0-alpha | 1,236 | 10/1/2022 |
0.6.0-alpha | 162 | 9/1/2022 |
0.5.0-alpha | 166 | 6/18/2022 |
0.4.0-alpha | 174 | 4/17/2022 |
0.3.0-alpha | 184 | 2/13/2022 |
0.2.0-alpha | 185 | 12/20/2021 |
0.1.1-alpha | 187 | 12/20/2021 |
0.1.0-alpha | 164 | 12/20/2021 |