OpenFGA relationship authorization provider plugin for Spakky Auth

Project description

spakky-openfga

spakky-openfga는 Spakky Auth의 relation 기반 인가를 OpenFGA check로 수행하는 provider 플러그인입니다. @require_relation metadata를 OpenFGA tuple model과 store/client 설정에 연결합니다.

Auth Provider Capability

플러그인은 다음 capability를 구현하는 OpenFgaAuthProvider를 등록합니다.

AuthCapability.RELATION_CHECK
AuthCapability.POLICY_EVALUATION

RelationCheckRequest.relation과 AuthorizationRequest.action은 OpenFGA relation으로 매핑됩니다. AuthContext.subject.id는 OpenFGA user로 매핑되고, resource/tenant canonical ref는 OpenFGA object 문자열로 매핑됩니다.

설정

OpenFgaConfig는 settings Pod로 등록되며 SPAKKY_OPENFGA_* 환경변수를 읽습니다. OpenFGA API URL, store id, optional authorization model id, principal type, tenant/object 매핑 설정을 담습니다. 기본적으로 type prefix가 없는 subject id는 user:<subject>로 매핑되고, tenant ref는 <tenant>/<resource> 형태로 object ref 앞에 붙습니다.

주요 설정:

SPAKKY_OPENFGA_API_URL
SPAKKY_OPENFGA_STORE_ID
SPAKKY_OPENFGA_AUTHORIZATION_MODEL_ID
SPAKKY_OPENFGA_PRINCIPAL_TYPE
SPAKKY_OPENFGA_INCLUDE_TENANT_IN_OBJECT

범위 밖

이 패키지는 tuple write, authorization model migration, admin CLI/API, list resources, data/query filtering, tuple/model management surface를 제공하지 않습니다.

Provider를 사용할 수 없는 상태는 AuthorizationReasonCode.VERIFICATION_PROVIDER_UNAVAILABLE reason code를 가진 ERROR authorization decision으로 매핑됩니다.

Project details

Release history Release notifications | RSS feed

6.9.1

Jun 20, 2026

6.9.0

Jun 20, 2026

6.8.0

Jun 15, 2026

This version

6.7.0

Jun 14, 2026

6.6.1

Jun 14, 2026

6.6.0

Jun 14, 2026

6.5.0

Jun 14, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spakky_openfga-6.7.0.tar.gz (5.4 kB view details)

Uploaded Jun 14, 2026 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

spakky_openfga-6.7.0-py3-none-any.whl (9.0 kB view details)

Uploaded Jun 14, 2026 Python 3

File details

Details for the file spakky_openfga-6.7.0.tar.gz.

File metadata

Download URL: spakky_openfga-6.7.0.tar.gz
Upload date: Jun 14, 2026
Size: 5.4 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_openfga-6.7.0.tar.gz
Algorithm	Hash digest
SHA256	`5fbd59d0381844ee958df343f7c5305fae73b9b5778058945d15f522038b77c0`
MD5	`64c26cd9abb6c34177a1f12f0c76956c`
BLAKE2b-256	`85e9c9d62710384f5ea3f501c84796ae6ee92a73dd4b7098858725106928c316`

See more details on using hashes here.

Provenance

The following attestation bundles were made for spakky_openfga-6.7.0.tar.gz:

Publisher: release.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: spakky_openfga-6.7.0.tar.gz
- Subject digest: 5fbd59d0381844ee958df343f7c5305fae73b9b5778058945d15f522038b77c0
- Sigstore transparency entry: 1820684957
- Sigstore integration time: Jun 14, 2026
Source repository:
- Permalink: E5presso/spakky-framework@937fbaefed2d246cc74c29316aaac8ca68f3942d
- Branch / Tag: refs/heads/main
- Owner: https://github.com/E5presso
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@937fbaefed2d246cc74c29316aaac8ca68f3942d
- Trigger Event: workflow_dispatch

File details

Details for the file spakky_openfga-6.7.0-py3-none-any.whl.

File metadata

Download URL: spakky_openfga-6.7.0-py3-none-any.whl
Upload date: Jun 14, 2026
Size: 9.0 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_openfga-6.7.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`2be1d5d6c6fd94eaa5d925f4533387e5135a2559a2ae80f02598e469b5bce14b`
MD5	`8b09177bd1389a7fb151d00dde055a84`
BLAKE2b-256	`066e6fbbba3aafc6ac2cd4680b271e3b39bed62ca9fc036148b33f1eafc19ded`

See more details on using hashes here.

Provenance

The following attestation bundles were made for spakky_openfga-6.7.0-py3-none-any.whl:

Publisher: release.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: spakky_openfga-6.7.0-py3-none-any.whl
- Subject digest: 2be1d5d6c6fd94eaa5d925f4533387e5135a2559a2ae80f02598e469b5bce14b
- Sigstore transparency entry: 1820684970
- Sigstore integration time: Jun 14, 2026
Source repository:
- Permalink: E5presso/spakky-framework@937fbaefed2d246cc74c29316aaac8ca68f3942d
- Branch / Tag: refs/heads/main
- Owner: https://github.com/E5presso
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@937fbaefed2d246cc74c29316aaac8ca68f3942d
- Trigger Event: workflow_dispatch

spakky-openfga 6.7.0

Navigation

Verified details

Maintainers

Meta

Unverified details

Meta

Project description

spakky-openfga

Auth Provider Capability

설정

범위 밖

Project details

Verified details

Maintainers

Meta

Unverified details

Meta

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance