Introduction to OpenFGA
OpenFGA is a scalable open source authorization system for developers that allows implementing authorization for any kind of application and smoothly evolve as complexity increases over time. It is owned by the Cloud Native Foundation.
Inspired by Google’s Zanzibar, Google’s internal authorization system, OpenFGA relies on Relationship-Based Access Control, which allows developers to easily implement Role-Based Access Control and provides additional capabilities to implement Attribute-Based Access Control. You can learn more about different authorization concepts here.
Benefits
OpenFGA provides developer the following benefits:
- Move authorization logic outside of application code, making it easier to write, change and audit
- Increase velocity by standardizing on a single authorization solution
- Centralize authorization decisions and audit logs making it simpler to comply with security and compliance requirements
- Help their products to move faster because it is simpler to evolve authorization policies
Features
OpenFGA helps developers achieve those benefits with features as:
- A Playground to learn how to use the product effectively
- Support for multiple stores that allow authorization management in different environments (prod/testing/dev), use cases (internal apps, external apps, infrastructure)
- Support for ABAC scenarios with Contextual Tuples and Conditional Relationship Tuples
- SDKs for Java, .NET, Javascript, Go, and Python.
- An HTTP and gRPC API
- A Command Line Interface tool for managing OpenFGA environments, test models, import/export models, and data.
- Github Actions for testing and deploying models
- A Visual Studio Code Extension with syntax highlighting and validation of FGA models and tests
- Helm Charts to easily deploy to Kubernetes
- OpenTelemetry support to integrate it with your monitoring infrastructure