Fine Grained News - September 2025
After a long hiatus, we are back with Fine Grained News! The best way to keep up to date with the OpenFGA community!
First of all, we want to thank the OpenFGA community for helping the OpenFGA Repository get beyond 4k stars!
What have we been up to
OpenFGA Performance
The OpenFGA team has been mostly focused on performance improvements, and we are close to finishing a big round of improvements.
- The
/check
endpoint is now up to 10x faster in some scenarios. - The
/list-objects
endpoint is up to 5x faster in some scenarios (the enhancements are still behind an experimental flag). - The caching implementation has a more sophisticated eviction mechanism that allows OpenFGA to cache entries for a longer time.
Improved Write API
OpenFGA v1.10 adds additional parameters to the /write
endpoint that allow specifying the behavior when duplicated tuples are written or non-existing tuples are deleted. This was a much requested feature - we're looking forward for your feedback on it!
The SDKs and the CLI will add support for these options over the coming month.
Terraform Provider
Maurice Ackel contributed the official OpenFGA Terraform Provider. Take a look at it, and let Maurice know if you are using it!
SDKs and Tooling
-
We shipped several improvements across all SDKs:
- Improved how the SDKs retry when getting 429 errors
- BatchCheck support (.NET coming soon!)
- .NET Standard 2.0 support for .NET is in Alpha, and will be released soon.
-
The CLI has several improvements:
- Supports running tests using glob patterns (
fga model test --tests *.yaml
) - Supports
jsonl
format for tuples - Allows specifying multiple tuple files in store tests
- Enables grouping users/objects in store tests, avoiding duplication:
- Supports running tests using glob patterns (
- object: group:employees
users:
- user:1
- user:2
assertions:
member: true
- objects:
- group:admins
- group:employees
user: user:1
assertions:
member: true
- OpenFGA includes now a REST Client (HTTP file)[https://github.com/openfga/openfga/tree/main/docs/http] to make it simple to use the OpenFGA API.
- We've been playing with an OpenFGA MCP to help with modeling. You can add the MCP by pointing your MCP client (e.g., VS Code) to https://mcp.openfga.dev/mcp. You can find the code here, or see it in action here. It's pretty awesome! :)
New OpenFGA Adopters
The list of companies/projects keeps increasing! These adopters were added since the last edition of Fine Grained News:
- Headspace: Headspace uses OpenFGA to manage entitlements for its users based on their subscriptions. OpenFGA is also used to determine availability of features and content based on regionality and language.
- EarthScope Consortium: EarthScope Consortium supports transformative global geophysical research and education. They leverage OpenFGA to authorize researcher access to hundreds of thousands of data streams from geophysical sensors located all over the world.
- Incus: The Incus project uses OpenFGA as its primary authorization mechanism for fine grained access control to all its resources.
- virv.ai: virv.ai uses OpenFGA as the core authorization model that enables individuals, agents and organizations to access artifacts such as data, credentials, and documents. OpenFGA allows us to meet the needs of the AI-enabled Enterprise where trust is essential.
- X-HR LABS: X-HR is a modern HR tech platform that empowers businesses with full freedom to use and grow on their own terms. They leverage OpenFGA to implement robust, relationship-based access control across company data and organizational structures.
- AppsCode: AppsCode uses OpenFGA to implement authorization functionality for their AppsCode Container Engine (ACE) Platform.
- Grafana Labs: Grafana user authorization and Role Based Access Control (RBAC) are migrating to OpenFGA.
You can also learn how OpenFGA powers NeoNephos, a new Linux Foundation project that's dedicated to advancing open source projects that align with the strategic objectives of the EU's IPCEI-CIS, in this Open Source Summit presentation by Bastian Echterhölter & Aaron Schweig from SAP.
The Linux Foundation is using OpenFGA for their new platform. You can see their OpenFGA authorization model here.
Nagarro published a case study detailing how they helped Schneider Electric with an OpenFGA implementation.
OpenFGA Security Posture
All OpenFGA repositories now have a Security Insights file and are integrated with OpenSSF Scorecard.
OpenFGA is also included in the LFX Insights website, scoring an Excellent score.
OpenFGA to CNCF Incubation!
We are going through the due diligence process to be approved for the CNCF Incubation stage with the CNCF Technical Oversight Committee. They are currently interviewing OpenFGA adopters. Thanks to Canonical, Grafana, Docker, Read.AI, Agicap, Sourcegraph, Zuplo, and Custodian for agreeing to be interviewed by the CNCF!
Upcoming Events: KubeCon North America & All Things Open
-
Sam Bellen will be presenting at All Things Open about the Paradigm Shift that ReBAC and the Zanzibar approach brought to the industry
-
Jose Padilla from Okta will be presenting at KubeCon North America, together with Alice Gibbons from Diagrid about Design Patterns for Consistent Centralized Authorization
-
Siddhant Khare, an OpenFGA maintainer from Gitpod, will host the OpenFGA Project Lightning talk OpenFGA: Google Zanzibar Style Authorization Made Developer-Friendly.
OpenFGA will also have a kiosk at the KubeCon Project Pavilion. Tyler Nix and José Padilla will be there!
See you soon!
Fine Grained News used to be published every month, and we plan to go back to our monthly cadence! :) If you have any feedback, want to share your OpenFGA story, or have a noteworthy update, please let us know on any of our community channels or at [email protected].