
Configure Authorization Model for a Store

This article explains how to configure an authorization model for a store in an OpenFGA server.

Before You Start

  1. Deploy an instance of the OpenFGA server, and have ready the values for your setup: FGA_STORE_ID, FGA_API_HOST and, if needed, FGA_API_TOKEN.
  2. You have installed the SDK, created the store and set up the SDK client.
  3. You have loaded FGA_STORE_ID and FGA_API_HOST as environment variables.

Step By Step

Assume that you want to configure your store with the following model.

model
  schema 1.1

type user

type document
  relations
    define reader: [user]
    define writer: [user]
    define owner: [user]

To configure the authorization model, we can invoke the write authorization models API.

Initialize the SDK
// ApiTokenIssuer, ApiAudience, ClientId and ClientSecret are optional.
// import the SDK
const { OpenFgaApi } = require('@openfga/sdk');

// Initialize the SDK with no auth - see "How to setup SDK client" for more options
const fgaClient = new OpenFgaApi({
  apiScheme: process.env.FGA_API_SCHEME, // Either "http" or "https", defaults to "https"
  apiHost: process.env.FGA_API_HOST, // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
  storeId: process.env.FGA_STORE_ID, // ID of the store the model is written to
});

// `await` is only valid inside an async function in a CommonJS module
async function configureModel() {
  const { authorization_model_id: id } = await fgaClient.writeAuthorizationModel({
    "schema_version": "1.1",
    "type_definitions": [
      // `type user` from the model; the relations below refer to this type
      {
        "type": "user"
      },
      {
        "type": "document",
        "relations": {
          "reader": {
            "this": {}
          },
          "writer": {
            "this": {}
          },
          "owner": {
            "this": {}
          }
        },
        "metadata": {
          "relations": {
            "reader": {
              "directly_related_user_types": [
                {
                  "type": "user"
                }
              ]
            },
            "writer": {
              "directly_related_user_types": [
                {
                  "type": "user"
                }
              ]
            },
            "owner": {
              "directly_related_user_types": [
                {
                  "type": "user"
                }
              ]
            }
          }
        }
      }
    ]
  });
  // id = "1uHxCSuTP0VKPYSnkq1pbb1jeZw"
  return id;
}

configureModel().catch(console.error);

The API will then return the authorization model ID.

Note

The OpenFGA API only accepts an authorization model in the API's JSON syntax.

To convert between the API Syntax and the friendly DSL, you can use the syntax transformer or Auth0 FGA's Playground.
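
How the DSL model in this article maps onto the API's JSON syntax, as an added example (not OpenFGA's syntax transformer and not code from this article). The hypothetical `dslToApiModel` helper assumes a model made only of `type` lines and direct assignments such as `define reader: [user]`, and it rejects a restriction that names a type the model never declares.

```javascript
// Constructed sample: the DSL model shown in this article.
const SAMPLE_DSL = `
model
  schema 1.1
type user
type document
  relations
    define reader: [user]
    define writer: [user]
    define owner: [user]
`;

// Hypothetical helper: converts only models made of `type` lines and
// direct assignments (`define <relation>: [<type>, ...]`).
function dslToApiModel(dsl) {
  const model = { schema_version: null, type_definitions: [] };
  let current = null;
  for (const raw of dsl.split('\n')) {
    const line = raw.trim();
    if (!line || line === 'model' || line === 'relations') continue;
    let m;
    if ((m = line.match(/^schema\s+(\S+)$/))) {
      model.schema_version = m[1];
    } else if ((m = line.match(/^type\s+(\S+)$/))) {
      current = { type: m[1] };
      model.type_definitions.push(current);
    } else if (current && (m = line.match(/^define\s+(\S+):\s*\[([^\]]*)\]$/))) {
      const users = m[2].split(',').map((t) => t.trim()).filter(Boolean);
      current.relations = current.relations || {};
      current.metadata = current.metadata || { relations: {} };
      current.relations[m[1]] = { this: {} };
      current.metadata.relations[m[1]] = {
        directly_related_user_types: users.map((type) => ({ type })),
      };
    } else {
      throw new Error(`unsupported DSL line: ${line}`);
    }
  }
  // Every type named in a restriction must itself be declared in the model.
  const declared = new Set(model.type_definitions.map((d) => d.type));
  for (const def of model.type_definitions) {
    for (const [rel, meta] of Object.entries(def.metadata?.relations ?? {})) {
      const bad = meta.directly_related_user_types.find((u) => !declared.has(u.type));
      if (bad) throw new Error(`${def.type}#${rel} references undeclared type "${bad.type}"`);
    }
  }
  return model;
}
```

`dslToApiModel(SAMPLE_DSL)` returns an object with the same shape as the body passed to the write call above; any other DSL construct makes it throw instead of emitting a partial model.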

Getting Started with Modeling

Read how to get started with modeling.

Modeling: Direct Relationships

Read the basics of modeling authorization and granting access to users.