Fga.Net.DependencyInjection
0.4.0-alpha
See the version list below for details.
dotnet add package Fga.Net.DependencyInjection --version 0.4.0-alpha
NuGet\Install-Package Fga.Net.DependencyInjection -Version 0.4.0-alpha
<PackageReference Include="Fga.Net.DependencyInjection" Version="0.4.0-alpha" />
paket add Fga.Net.DependencyInjection --version 0.4.0-alpha
#r "nuget: Fga.Net.DependencyInjection, 0.4.0-alpha"
// Install Fga.Net.DependencyInjection as a Cake Addin #addin nuget:?package=Fga.Net.DependencyInjection&version=0.4.0-alpha&prerelease // Install Fga.Net.DependencyInjection as a Cake Tool #tool nuget:?package=Fga.Net.DependencyInjection&version=0.4.0-alpha&prerelease
Auth0 FGA for Worker Services & ASP.NET Core
Packages
Fga.Net.DependencyInjection: Provides dependency injection extensions for Auth0.Fga
Fga.Net.AspNetCore: Additionally includes Authorization middleware to support FGA checks as part of a request's lifecycle.
Getting Started
Note: This project is in its early stages and will have breaking changes as FGA matures.
Please ensure you have a basic understanding of how FGA works before continuing: https://docs.fga.dev/
ASP.NET Core Setup
Before getting started, ensure you have a Store ID, Client ID, and Client Secret ready from How to get your API keys.
I'm also assuming you have authentication setup within your project, such as JWT bearer authentication via Auth0.
- Install
Fga.Net.AspNetCore
from Nuget. - Add your
StoreId
,ClientId
andClientSecret
to your application configuration, ideally via the dotnet secrets manager. - Add the following code to your ASP.NET Core configuration:
// Registers the Auth0FgaApi client
builder.Services.AddAuth0Fga(x =>
{
x.ClientId = builder.Configuration["Auth0Fga:ClientId"];
x.ClientSecret = builder.Configuration["Auth0Fga:ClientSecret"];
x.StoreId = builder.Configuration["Auth0Fga:StoreId"];
});
// Register the authorization policy
builder.Services.AddAuthorization(options =>
{
options.AddPolicy(FgaAuthorizationDefaults.PolicyKey,
p => p
.RequireAuthenticatedUser()
.AddFgaRequirement());
});
- Create an attribute that inherits from
TupleCheckAttribute
. From here, you can pull the metadata you require to perform your tuple checks out of the HTTP request. For example, an equivalent to the How To Integrate Within A Framework example would be:
public class EntityAuthorizationAttribute : TupleCheckAttribute
{
private readonly string _prefix;
private readonly string _routeValue;
public EntityAuthorizationAttribute(string prefix, string routeValue)
{
_prefix = prefix;
_routeValue = routeValue;
}
public override ValueTask<string> GetUser(HttpContext context)
=> ValueTask.FromResult(context.User.Identity!.Name!);
public override ValueTask<string> GetRelation(HttpContext context)
=> ValueTask.FromResult(context.Request.Method switch
{
"GET" => "viewer",
"POST" => "writer",
_ => "owner"
});
public override ValueTask<string> GetObject(HttpContext context)
=> ValueTask.FromResult($"{_prefix}:{context.GetRouteValue(_routeValue)}");
}
- Apply the
Authorize
andEntityAuthorization
attributes to your controller(s):
// Traditional Controllers
[ApiController]
[Route("[controller]")]
[Authorize(FgaAuthorizationDefaults.PolicyKey)]
public class DocumentController : ControllerBase
{
[HttpGet("view/{documentId}")]
[EntityAuthorization("doc", "documentId")]
public string GetByConvention(string documentId)
{
return documentId;
}
}
// Minimal APIs
app.MapGet("/viewminimal/{documentId}",
[Authorize(FgaAuthorizationDefaults.PolicyKey)]
[EntityAuthorization("doc", "documentId")]
(documentId) => Task.FromResult(documentId));
If you need to manually perform checks, inject the Auth0FgaApi
as required.
An additional pre-made attribute that allows all tuple values to be hardcoded strings ships with the package (StringTupleCheckAttribute
). This attribute is useful for testing and debug purposes, but should not be used in a real application.
Worker Service / Generic Host Setup
Fga.Net
ships with the AddAuth0Fga
service collection extension that handles all required wire-up.
To get started:
- Install
Fga.Net
- Add your
StoreId
,ClientId
andClientSecret
to your application configuration, ideally via the dotnet secrets manager. - Register the authorization client:
var host = Host.CreateDefaultBuilder(args)
.ConfigureServices((context, services) =>
{
services.AddAuth0Fga(config =>
{
config.ClientId = context.Configuration["Auth0Fga:ClientId"];
config.ClientSecret = context.Configuration["Auth0Fga:ClientSecret"];
config.StoreId = context.Configuration["Auth0Fga:StoreId"];
});
services.AddHostedService<MyBackgroundWorker>();
})
.Build();
await host.RunAsync();
- Request the client in your services:
public class MyBackgroundWorker : BackgroundService
{
private readonly Auth0FgaApi _authorizationClient;
public MyBackgroundWorker(Auth0FgaApi authorizationClient)
{
_authorizationClient = authorizationClient;
}
protected override Task ExecuteAsync(CancellationToken stoppingToken)
{
// Do work with the client
}
}
Standalone client setup
See the Auth0.Fga docs
Disclaimer
I am not affiliated with nor represent Auth0. All support queries regarding the underlying service should go to the Auth0 Labs Discord.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- Auth0.Fga (>= 0.2.4)
- Microsoft.Extensions.Http (>= 6.0.0)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Fga.Net.DependencyInjection:
Package | Downloads |
---|---|
Fga.Net.AspNetCore
Auth0 Fine Grained Authorization for ASP.NET Core. This package includes ASP.NET Core authorization extensions. |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.2.0 | 19,675 | 4/9/2024 |
1.1.0 | 10,045 | 1/5/2024 |
1.0.0 | 531 | 12/18/2023 |
1.0.0-beta.1 | 12,634 | 5/29/2023 |
0.9.0-alpha | 394 | 4/14/2023 |
0.8.0-alpha | 520 | 1/3/2023 |
0.7.0-alpha | 1,481 | 10/1/2022 |
0.6.0-alpha | 372 | 9/1/2022 |
0.5.0-alpha | 397 | 6/18/2022 |
0.4.0-alpha | 430 | 4/17/2022 |