Introduction to Auth0 Fine-Grained Authorization (FGA)
Auth0 FGA is a fast, flexible, and scalable authorization service for developers, enabling them to implement authorization for any application and seamlessly adapt it as complexity grows over time.
Inspired by Google’s Zanzibar, Google’s internal authorization system, Auth0 FGA relies on Relationship-Based Access Control, which allows developers to easily implement Role-Based Access Control and provides additional capabilities to implement Attribute-Based Access Control. You can learn more about different authorization concepts here.
Auth0 FGA is based on OpenFGA, an open-source project owned by the Cloud Native Computing Foundation for which Auth0/Okta is a core maintainer.
Benefits
Auth0 FGA provides developers with the following benefits:
- Move authorization logic outside of application code, making it easier to write, change, and audit.
- Increase velocity by standardizing on a single authorization solution.
- Centralize authorization decisions and audit logs, simplifying compliance with security and regulatory requirements.
- Reduce development time for authorization changes.
- A highly available and scalable solution deployed in two AWS regions for each locality (US, Europe, Australia) with active-active replication.
- A Private Cloud offering for customers that want dedicated infrastructure in any AWS region and high RPS.
Features
Auth0 FGA helps developers achieve these benefits with the following features:
- The Auth0 FGA Dashboard, to learn how to use Auth0 FGA and collaborate with colleagues securely, supporting Single Sign-On with your corporate identity provider.
- Support for multiple stores that allow authorization management in different environments (prod/testing/dev) and use cases (internal apps, external apps, infrastructure).
- Support for Attribute-Based Access Control scenarios with Contextual Tuples and Conditional Relationship Tuples.
- An HTTP API.
- SDKs for Java, .NET, JavaScript, Go, and Python, instrumented with OpenTelemetry.
- A Command Line Interface tool for managing Auth0 FGA environments, testing models, and importing/exporting models and data.
- GitHub Actions for testing and deploying models.
- Integration with Visual Studio Code and JetBrains IDEs with syntax highlighting and validation of FGA models and tests.
- Support for Modular Models to enable multiple teams to share and collaborate on the same authorization model securely.
Free tier
You can use Auth0 FGA for free for evaluation purposes or purchase a subscription for production usage. Refer to the subscription plans for more details.