How to Setup the SDK Client
This article explains how to configure an OpenFGA client to call Okta Fine Grained Authorization (FGA).
First make sure that you have:
- Created a store and generated your API credentials by following the steps How to get your API keys.
- Installed the relevant SDK by following the steps in How To Install The SDK.
Configuration
- Node.js
- Go
- .NET
- Python
- Java
- CLI
const { CredentialsMethod, OpenFgaClient } = require('@openfga/sdk'); // OR import { CredentialsMethod, OpenFgaClient } from '@openfga/sdk';
// FGA_API_URL = 'https://api.us1.fga.dev' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_STORE_ID = 'YOUR_STORE_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_MODEL_ID = 'YOUR_MODEL_ID' - optional, can be overridden per request, helps reduce latency
// FGA_API_TOKEN_ISSUER = 'fga.us.auth0.com'
// FGA_API_AUDIENCE = 'https://api.us1.fga.dev/' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_CLIENT_ID = 'YOUR_CLIENT_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_CLIENT_SECRET = 'YOUR_CLIENT_SECRET' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
const openFga = new OpenFgaClient({
apiUrl: process.env.FGA_API_URL,
storeId: process.env.FGA_STORE_ID,
authorizationModelId: process.env.FGA_MODEL_ID,
credentials: {
method: CredentialsMethod.ClientCredentials,
config: {
apiTokenIssuer: process.env.FGA_API_TOKEN_ISSUER,
apiAudience: process.env.FGA_API_AUDIENCE,
clientId: process.env.FGA_CLIENT_ID,
clientSecret: process.env.FGA_CLIENT_SECRET,
},
}
});
import (
"os"
. "github.com/openfga/go-sdk/client"
"github.com/openfga/go-sdk/credentials"
)
// FGA_API_URL = 'https://api.us1.fga.dev' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_STORE_ID = 'YOUR_STORE_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_MODEL_ID = 'YOUR_MODEL_ID' - optional, can be overridden per request, helps reduce latency
// FGA_API_TOKEN_ISSUER = 'fga.us.auth0.com'
// FGA_API_AUDIENCE = 'https://api.us1.fga.dev/' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_CLIENT_ID = 'YOUR_CLIENT_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_CLIENT_SECRET = 'YOUR_CLIENT_SECRET' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
func main() {
fgaClient, err := NewSdkClient(&ClientConfiguration{
ApiUrl: os.Getenv("FGA_API_URL"),
StoreId: os.Getenv("FGA_STORE_ID"),
AuthorizationModelId: os.Getenv("FGA_MODEL_ID"),
Credentials: &credentials.Credentials{
Method: credentials.CredentialsMethodClientCredentials,
Config: &credentials.Config{
ClientCredentialsClientId: os.Getenv("FGA_CLIENT_ID"),
ClientCredentialsClientSecret: os.Getenv("FGA_CLIENT_SECRET"),
ClientCredentialsApiAudience: os.Getenv("FGA_API_AUDIENCE"),
ClientCredentialsApiTokenIssuer: os.Getenv("FGA_API_TOKEN_ISSUER"),
},
},
})
if err != nil {
// .. Handle error
}
}
using OpenFga.Sdk.Client;
using OpenFga.Sdk.Configuration;
using Environment = System.Environment;
namespace ExampleApp;
// FGA_API_URL = 'https://api.us1.fga.dev' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_STORE_ID = 'YOUR_STORE_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_MODEL_ID = 'YOUR_MODEL_ID' - optional, can be overridden per request, helps reduce latency
// FGA_API_TOKEN_ISSUER = 'fga.us.auth0.com'
// FGA_API_AUDIENCE = 'https://api.us1.fga.dev/' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_CLIENT_ID = 'YOUR_CLIENT_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_CLIENT_SECRET = 'YOUR_CLIENT_SECRET' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
class MyProgram {
static async Task Main() {
var configuration = new ClientConfiguration() {
ApiUrl = Environment.GetEnvironmentVariable("FGA_API_URL"),
StoreId = Environment.GetEnvironmentVariable("FGA_STORE_ID"),
AuthorizationModelId = Environment.GetEnvironmentVariable("FGA_MODEL_ID"),
Credentials = new Credentials() {
Method = CredentialsMethod.ClientCredentials,
Config = new CredentialsConfig() {
ApiTokenIssuer = Environment.GetEnvironmentVariable("FGA_API_TOKEN_ISSUER"),
ApiAudience = Environment.GetEnvironmentVariable("FGA_API_AUDIENCE"),
ClientId = Environment.GetEnvironmentVariable("FGA_CLIENT_ID"),
ClientSecret = Environment.GetEnvironmentVariable("FGA_CLIENT_SECRET"),
}
}
};
var fgaClient = new OpenFgaClient(configuration);
}
}
import asyncio
import os
import openfga_sdk
from openfga_sdk.client import OpenFgaClient
from openfga_sdk.credentials import Credentials, CredentialConfiguration
# FGA_API_URL = 'https://api.us1.fga.dev' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
# FGA_STORE_ID = 'YOUR_STORE_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
# FGA_MODEL_ID = 'YOUR_MODEL_ID' - optional, can be overridden per request, helps reduce latency
# FGA_API_TOKEN_ISSUER = 'fga.us.auth0.com'
# FGA_API_AUDIENCE = 'https://api.us1.fga.dev/' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
# FGA_CLIENT_ID = 'YOUR_CLIENT_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
# FGA_CLIENT_SECRET = 'YOUR_CLIENT_SECRET' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
async with OpenFgaClient(configuration) as fga_client:
api_response = await fga_client.read_authorization_models() # call requests
await fga_client.close() # close when done
async def main():
credentials = Credentials(
method='client_credentials',
configuration=CredentialConfiguration(
api_issuer= os.environ.get('FGA_API_TOKEN_ISSUER'),
api_audience= os.environ.get('FGA_API_AUDIENCE'),
client_id= os.environ.get('FGA_CLIENT_ID'),
client_secret= os.environ.get('FGA_CLIENT_SECRET'),
)
)
configuration = openfga_sdk.ClientConfiguration(
api_url = os.environ.get('FGA_API_URL')
store_id = os.environ.get('FGA_STORE_ID'),
authorization_model_id = os.environ.get('FGA_MODEL_ID'),
credentials = credentials,
)
async with OpenFgaClient(configuration) as fga_client:
api_response = await fga_client.read_authorization_models() # call requests
await fga_client.close() # close when done
asyncio.run(main())
import dev.openfga.sdk.api.client.OpenFgaClient;
import dev.openfga.sdk.api.configuration.ClientConfiguration;
import dev.openfga.sdk.api.configuration.ClientCredentials;
import dev.openfga.sdk.api.configuration.Credentials;
// FGA_API_URL = 'https://api.us1.fga.dev' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_STORE_ID = 'YOUR_STORE_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_MODEL_ID = 'YOUR_MODEL_ID' - optional, can be overridden per request, helps reduce latency
// FGA_API_TOKEN_ISSUER = 'fga.us.auth0.com'
// FGA_API_AUDIENCE = 'https://api.us1.fga.dev/' - Changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_CLIENT_ID = 'YOUR_CLIENT_ID' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
// FGA_CLIENT_SECRET = 'YOUR_CLIENT_SECRET' - Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
public class Example {
public static void main(String[] args) {
var config = new ClientConfiguration()
.apiUrl(System.getenv("FGA_API_URL")) // If not specified, will default to "https://localhost:8080"
.storeId(System.getenv("FGA_STORE_ID")) // Not required when calling createStore() or listStores()
.authorizationModelId(System.getenv("FGA_MODEL_ID")) // Optional, can be overridden per request
.credentials(new Credentials(
new ClientCredentials()
.apiTokenIssuer(System.getenv("FGA_API_TOKEN_ISSUER"))
.apiAudience(System.getenv("FGA_API_AUDIENCE"))
.clientId(System.getenv("FGA_CLIENT_ID"))
.clientSecret(System.getenv("FGA_CLIENT_SECRET"))
));
var fgaClient = new OpenFgaClient(config);
}
}
export FGA_API_URL=https://api.us1.fga.dev # changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
export FGA_STORE_ID={YOUR_STORE_ID} # Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
export FGA_MODEL_ID={YOUR_MODEL_ID} # optional, can be overridden per request, helps reduce latency
export FGA_API_TOKEN_ISSUER=fga.us.auth0.com
export FGA_API_AUDIENCE=https://api.us1.fga.dev/ # changes based on locality, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
export FGA_CLIENT_ID={YOUR_CLIENT_ID} # Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)
export FGA_CLIENT_SECRET={YOUR_CLIENT_SECRET} # Get this from your store settings in the dashboard, refer to the ["How to get your API Keys" page](./getting-your-api-keys.mdx)