authzed
Advanced tools
This repository houses the Python client library for Authzed.
Authzed is a database and service that stores, computes, and validates your application's permissions.
Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.
Supported client API versions:
You can find more info on each API on the Authzed API reference documentation. Additionally, Protobuf API documentation can be found on the Buf Registry Authzed API repository.
See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.
We highly recommend following the Protecting Your First App guide to learn the latest best practice to integrate an application with Authzed.
If you're interested in examples of a specific version of the API, they can be found in their respective folders in the examples directory.
This project is packaged as the wheel authzed on the Python Package Index.
If you are using pip, the command to install the library is:
pip install authzed
With the exception of gRPC utility functions found in grpcutil, everything required to connect and make API calls is located in a module respective to API version.
In order to successfully connect, you will have to provide a Bearer Token with your own API Token from the Authzed dashboard in place of t_your_token_here_1234567deadbeef in the following example:
from authzed.api.v1 import Client
from grpcutil import bearer_token_credentials
client = Client(
"grpc.authzed.com:443",
bearer_token_credentials("t_your_token_here_1234567deadbeef"),
)
from authzed.api.v1 import (
CheckPermissionRequest,
CheckPermissionResponse,
ObjectReference,
SubjectReference,
)
post_one = ObjectReference(object_type="blog/post", object_id="1")
emilia = SubjectReference(object=ObjectReference(
object_type="blog/user",
object_id="emilia",
))
# Is Emilia in the set of users that can read post #1?
resp = client.CheckPermission(CheckPermissionRequest(
resource=post_one,
permission="reader",
subject=emilia,
))
assert resp.permissionship == CheckPermissionResponse.PERMISSIONSHIP_HAS_PERMISSION
When running in a context like docker compose, because of Docker's virtual networking,
the gRPC client sees the SpiceDB container as "remote." It has built-in safeguards to prevent
calling a remote client in an insecure manner, such as using client credentials without TLS.
However, this is a pain when setting up a development or testing environment, so we provide
the InsecureClient as a convenience:
from authzed.api.v1 import InsecureClient
client = InsecureClient(
"spicedb:50051",
"my super secret token"
)
The authzed-py supports Authzed Materialize API. The Materialize API allows you to build and maintain materialized views of your permissions data in your own systems for high-performance lookups.
Learn more in the Materialize API Quickstart Guide that can be found the examples directory.
FAQs
Client library for SpiceDB.
We found that authzed demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
minimatch patched three high-severity ReDoS vulnerabilities that can stall the Node.js event loop, and Socket has released free certified patches.
Research
/Security News
Socket uncovered 26 malicious npm packages tied to North Korea's Contagious Interview campaign, retrieving a live 9-module infostealer and RAT from the adversary's C2.
Research
An impersonated golang.org/x/crypto clone exfiltrates passwords, executes a remote shell stager, and delivers a Rekoobe backdoor on Linux.