Skip to main content

Client library for SpiceDB.

Project description

Authzed Python Client

PyPI License Build Status Mailing List Discord Server Twitter

This repository houses the Python client library for Authzed.

Authzed is a database and service that stores, computes, and validates your application's permissions.

Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.

Supported client API versions:

You can find more info on each API on the Authzed API reference documentation. Additionally, Protobuf API documentation can be found on the Buf Registry Authzed API repository.

See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.

Getting Started

We highly recommend following the Protecting Your First App guide to learn the latest best practice to integrate an application with Authzed.

If you're interested in examples of a specific version of the API, they can be found in their respective folders in the examples directory.

Basic Usage

Installation

This project is packaged as the wheel authzed on the Python Package Index.

If you are using pip, the command to install the library is:

pip install authzed

Initializing a client

With the exception of gRPC utility functions found in grpcutil, everything required to connect and make API calls is located in a module respective to API version.

In order to successfully connect, you will have to provide a Bearer Token with your own API Token from the Authzed dashboard in place of t_your_token_here_1234567deadbeef in the following example:

from authzed.api.v1 import Client
from grpcutil import bearer_token_credentials


client = Client(
    "grpc.authzed.com:443",
    bearer_token_credentials("t_your_token_here_1234567deadbeef"),
)

Performing an API call

from authzed.api.v1 import (
    CheckPermissionRequest,
    CheckPermissionResponse,
    ObjectReference,
    SubjectReference,
)


post_one = ObjectReference(object_type="blog/post", object_id="1")
emilia = SubjectReference(object=ObjectReference(
    object_type="blog/user",
    object_id="emilia",
))

# Is Emilia in the set of users that can read post #1?
resp = client.CheckPermission(CheckPermissionRequest(
    resource=post_one,
    permission="reader",
    subject=emilia,
))
assert resp.permissionship == CheckPermissionResponse.PERMISSIONSHIP_HAS_PERMISSION

Insecure Client Usage

When running in a context like docker compose, because of Docker's virtual networking, the gRPC client sees the SpiceDB container as "remote." It has built-in safeguards to prevent calling a remote client in an insecure manner, such as using client credentials without TLS.

However, this is a pain when setting up a development or testing environment, so we provide the InsecureClient as a convenience:

from authzed.api.v1 import Client
from grpcutil import bearer_token_credentials

client = Client(
    "spicedb:50051",
    "my super secret token"
)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

authzed-1.1.0.tar.gz (88.7 kB view details)

Uploaded Source

Built Distribution

authzed-1.1.0-py3-none-any.whl (120.9 kB view details)

Uploaded Python 3

File details

Details for the file authzed-1.1.0.tar.gz.

File metadata

  • Download URL: authzed-1.1.0.tar.gz
  • Upload date:
  • Size: 88.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for authzed-1.1.0.tar.gz
Algorithm Hash digest
SHA256 6e1300ff75af1840acdb3e0b2bc0dec31a8cf631c4ac6fc1ac674b9ea02d043a
MD5 429ec6d1db4e45e4c17b0f61bc8e69f5
BLAKE2b-256 2df729978c71ea0ca4b86acf305689b378ef5c9e6032513314c6213f31f1e6e2

See more details on using hashes here.

File details

Details for the file authzed-1.1.0-py3-none-any.whl.

File metadata

  • Download URL: authzed-1.1.0-py3-none-any.whl
  • Upload date:
  • Size: 120.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for authzed-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1c37038655c55d054b5caf918d60d680262fda4bc2787dc83576b4424e358214
MD5 887734bc6cea2f9eac785bb1fe788f41
BLAKE2b-256 fcc6b4bb14ec28c484b944d21cfff4cac16ad374798cf4658f7dfef00c2972e9

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page