You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Golang SDK for [authorizer.dev](https://authorizer.dev)server. This SDK will be handy to add API middleware where you can authorize your users. It will also empower you to perform various auth operations on authorizer server.
3
+
Go SDK for [authorizer.dev](https://authorizer.dev)— self-hosted authentication & authorization. Current version: **2.0.0**.
4
4
5
-
For detailed explanation of each functions check official [docs](https://pkg.go.dev/github.com/authorizerdev/authorizer-go)
5
+
Use this SDK to add auth middleware to your Go services and to call any Authorizer API method. For full API docs see [pkg.go.dev/github.com/authorizerdev/authorizer-go](https://pkg.go.dev/github.com/authorizerdev/authorizer-go).
6
6
7
7
## Getting Started
8
8
9
-
**Pre-requisite**: You will need an authorizer instance up and running. Checkout how you can host your instance in the [docs](https://docs.authorizer.dev/deployment)
9
+
**Pre-requisite:** A running Authorizer instance. See the [deployment guide](https://docs.authorizer.dev/deployment).
10
10
11
-
Follow the steps here to install authorizer-go in your golang project and use the methods of SDK to protect/authorize your APIs
11
+
Once deployed, get your `Client ID` from the Authorizer dashboard.
12
12
13
-
Once you have deployed authorizer instance. Get `Client ID` from your authorizer instance dashboard
> **Note (Authorizer >= v2.3.0):** the server's CSRF guard requires an `Origin` header on state-changing requests. The client sends the Authorizer server's own origin by default, which always passes. If your instance restricts `ALLOWED_ORIGINS`, pass your app's origin instead via `extraHeaders`: `map[string]string{"Origin": "https://your-app.com"}`.
52
54
53
-
### Step 3: Access all the SDK methods using authorizer client instance, initialized on step 2
See [admin_methods.go](admin_methods.go) for the full list of available admin operations.
82
+
67
83
## Fine-grained authorization (FGA)
68
84
69
-
Authorizer ships an embedded [OpenFGA](https://openfga.dev) engine for relationship-based
70
-
access control (ReBAC). You model your domain as object **types** with **relations**
71
-
(`viewer`, `editor`, `owner`…), grant access by writing **relationship tuples**
72
-
(`user:alice` is `viewer` of `document:1`), and ask the engine whether access is allowed.
73
-
74
-
Authoring the model and tuples is an admin task — do it once in the dashboard under
75
-
**Authorization**, or via the `_fga_*` admin GraphQL API. The SDK exposes only the
76
-
read-side checks an application needs at request time. For every call the subject
77
-
defaults to the authenticated caller and is pinned server-side from the request
78
-
headers (bearer token / session cookie), so pass them. The optional `User` field
79
-
(`"type:id"`, or a bare id treated as `"user:<id>"`) overrides the subject, but is
80
-
honored only when the caller is a super-admin or it equals the caller's own token
81
-
subject — anything else is rejected by the server.
82
-
83
-
**1. Check permissions** — `CheckPermissions` evaluates one or more
84
-
"does the caller have `relation` on `object`?" checks in a single round trip.
85
-
Each result echoes its relation/object pair and comes back in the same order as
86
-
the supplied checks.
85
+
Authorizer ships an embedded [OpenFGA](https://openfga.dev) engine for relationship-based access control (ReBAC). You model your domain as object **types** with **relations** (`viewer`, `editor`, `owner`…), grant access by writing **relationship tuples**, and ask the engine whether access is allowed.
86
+
87
+
Authoring the model and tuples is an admin task — do it once in the dashboard under **Authorization**, or via the `_fga_*` admin GraphQL API. The SDK exposes only the read-side checks an application needs at request time. The subject defaults to the authenticated caller and is pinned server-side from the request headers. The optional `User` field overrides the subject but is honored only for super-admins or when it equals the caller's own token subject.
88
+
89
+
**Check permissions** — evaluates one or more relation checks in a single round trip:
> Note: This example demonstrates how to use authorizer in middleware for a [go-gin](https://github.com/gin-gonic/gin) server. But logic remains the same under the hood, where you can get auth token from `header` and validate it via authorizer SDK
**CURL command to test go-gin server created in example**
183
+
## Release
197
184
198
-
Copy JWT ID token from login response of authorizer `login` mutation / social media login and replace `JWT_TOKEN` below
185
+
1. Tag the commit: `git tag v<version>`
186
+
2. Push with tags: `git push origin main --tags`
199
187
200
-
```bash
201
-
curl --location --request GET 'http://localhost:8090/ping' \
202
-
--header 'Authorization: Bearer JWT_TOKEN'
203
-
```
188
+
The GitHub Actions release workflow handles the GitHub Release creation automatically. Go modules are versioned by tags — no additional publish step is needed.
0 commit comments