OpenFGA relationship authorization provider plugin for Spakky Auth

Project description

spakky-openfga

spakky-openfga provides a check-only OpenFGA authorization provider for Spakky Auth relationship enforcement.

Auth Provider Capabilities

The plugin registers OpenFgaAuthProvider, which implements:

AuthCapability.RELATION_CHECK
AuthCapability.POLICY_EVALUATION

RelationCheckRequest.relation and AuthorizationRequest.action are mapped to the OpenFGA relation. AuthContext.subject.id is mapped to the OpenFGA user, and resource/tenant canonical refs are mapped into the OpenFGA object string.

Configuration

OpenFgaConfig is registered as a settings Pod and reads SPAKKY_OPENFGA_* environment variables. It contains the OpenFGA API URL, store id, optional authorization model id, principal type, and tenant/object mapping controls. By default a subject id without a type prefix is mapped as user:<subject>, and tenant refs are prefixed into object refs as <tenant>/<resource>.

Common settings:

SPAKKY_OPENFGA_API_URL
SPAKKY_OPENFGA_STORE_ID
SPAKKY_OPENFGA_AUTHORIZATION_MODEL_ID
SPAKKY_OPENFGA_PRINCIPAL_TYPE
SPAKKY_OPENFGA_INCLUDE_TENANT_IN_OBJECT

Non-goals

This package intentionally does not implement tuple writes, authorization model migration, admin CLI/API, list resources, data/query filtering, or tuple/model management surfaces.

Provider-unavailable conditions map to an ERROR authorization decision with AuthorizationReasonCode.VERIFICATION_PROVIDER_UNAVAILABLE.

Project details

Release history Release notifications | RSS feed

6.9.1

Jun 20, 2026

6.9.0

Jun 20, 2026

6.8.0

Jun 15, 2026

6.7.0

Jun 14, 2026

6.6.1

Jun 14, 2026

This version

6.6.0

Jun 14, 2026

6.5.0

Jun 14, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spakky_openfga-6.6.0.tar.gz (5.1 kB view details)

Uploaded Jun 14, 2026 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

spakky_openfga-6.6.0-py3-none-any.whl (8.8 kB view details)

Uploaded Jun 14, 2026 Python 3

File details

Details for the file spakky_openfga-6.6.0.tar.gz.

File metadata

Download URL: spakky_openfga-6.6.0.tar.gz
Upload date: Jun 14, 2026
Size: 5.1 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_openfga-6.6.0.tar.gz
Algorithm	Hash digest
SHA256	`c737bbb630c7f10dd3e6bc7440843d62728814ed1461e5978e4168379820273b`
MD5	`692ad3263995900584c56fde390052b8`
BLAKE2b-256	`8ec368a9aabfccacef8e42f41d26921ae8a9f2fd5de900d71fb35b17fa7686f1`

See more details on using hashes here.

Provenance

The following attestation bundles were made for spakky_openfga-6.6.0.tar.gz:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: spakky_openfga-6.6.0.tar.gz
- Subject digest: c737bbb630c7f10dd3e6bc7440843d62728814ed1461e5978e4168379820273b
- Sigstore transparency entry: 1817552518
- Sigstore integration time: Jun 14, 2026
Source repository:
- Permalink: E5presso/spakky-framework@a750eb66a4ec78130f7782372b5e92a25c2b9839
- Branch / Tag: refs/heads/main
- Owner: https://github.com/E5presso
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish-package.yml@a750eb66a4ec78130f7782372b5e92a25c2b9839
- Trigger Event: workflow_dispatch

File details

Details for the file spakky_openfga-6.6.0-py3-none-any.whl.

File metadata

Download URL: spakky_openfga-6.6.0-py3-none-any.whl
Upload date: Jun 14, 2026
Size: 8.8 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_openfga-6.6.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`0455ddb52e8a3a9f24b5df9406150b3ff53e2ea6ad69f3023d6dc8cadd9e4f19`
MD5	`a8a7c0f14bd4e462c3ced18f2e60589a`
BLAKE2b-256	`2f7da348b6e83e9e90ab4727157ef3152ddd8151e93857e28fab8764a002283d`

See more details on using hashes here.

Provenance

The following attestation bundles were made for spakky_openfga-6.6.0-py3-none-any.whl:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: spakky_openfga-6.6.0-py3-none-any.whl
- Subject digest: 0455ddb52e8a3a9f24b5df9406150b3ff53e2ea6ad69f3023d6dc8cadd9e4f19
- Sigstore transparency entry: 1817552666
- Sigstore integration time: Jun 14, 2026
Source repository:
- Permalink: E5presso/spakky-framework@a750eb66a4ec78130f7782372b5e92a25c2b9839
- Branch / Tag: refs/heads/main
- Owner: https://github.com/E5presso
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish-package.yml@a750eb66a4ec78130f7782372b5e92a25c2b9839
- Trigger Event: workflow_dispatch

spakky-openfga 6.6.0

Navigation

Verified details

Maintainers

Meta

Unverified details

Meta

Project description

spakky-openfga

Auth Provider Capabilities

Configuration

Non-goals

Project details

Verified details

Maintainers

Meta

Unverified details

Meta

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance