Go Client Library

Installation#

Authzed ships a client library for Go at https://github.com/authzed/authzed-go, which can be installed via go get:

go get https://github.com/authzed/authzed-go

Creating a client#

The entrypoint in the Authzed Go client library is a Client, which must be instantiated with your authentication token:

import (
"context"
"log"
client "github.com/authzed/authzed-go"
api "github.com/authzed/authzed-go/arrakisapi/api"
)
func main() {
token := "t_your_token_here_1234567deadbeef"
options, err := client.NewClientOptions(token)
if err != nil {
log.Fatalf("Unable to create client options: %s", err)
}
client, err := client.NewClient(options)
if err != nil {
log.Fatalf("Unable to initialize client: %s", err)
}
}

Checking#

To Check, the client provides the check call.

Checking Example#

Let's say we wanted to check if a user has viewer permission on a document.

To do so via the Go client, we would first construct the objects we are referencing (here, the document and the user):

const document_ns = "mytenant/document"
const user_ns = "mytenant/user"
someDocument := createObject(document_ns, "somedocument")
someUser := createObject(user_ns, "someuser")("...")
note

See https://github.com/authzed/authzed-go/blob/main/README.md for definitions of the helper methods such as createObject.

Next, we would load the Zookie for the document (usually from our database):

// Load the revision from the database.
revision := "...."

Finally we issue a CheckRequest request via the api:

someDocument := createObject(document_ns, "somedocument")
someUser := createObject(user_ns, "someuser")("...")
// Load the revision from the database.
revision := "...."
// Make the check request to see if the user has `viewer` access.
req := api.CheckRequest{
TestUserset: someDocument("viewer"),
User: &api.User{
UserOneof: &api.User_Userset{
Userset: someUser,
},
},
AtRevision: revision,
}
resp, err := client.Check(context.Background(), &testReq)
if err != nil {
log.Fatalf("Unable to run check request: %s", err)
}
// Check if the user has access.
if resp.IsMember {
log.Printf("User %v has view access!", someUser)
}

Writing some tuples#

To Write, the client provides the WriteRequest call.

Writing Example#

Let's say we wanted to write some permissions for users on some documents:

mytenant/document:somedocument#viewer@mytenant/user:someuser#...
mytenant/document:somedocument#writer@mytenant/user:anotheruser#...

To do so via the Go client, we would first construct the objects we are referencing (here, the document and the users):

someDocument := createObject(document_ns, "somedocument")
someUser := createObject(user_ns, "someuser")("...")
anotherUser := createObject(user_ns, "anotheruser")("...")

Next, we can call WriteRequest to write the permission tuples:

someDocument := createObject(document_ns, "somedocument")
someUser := createObject(user_ns, "someuser")("...")
anotherUser := createObject(user_ns, "anotheruser")("...")
// Create some tuples that represent roles granted between users and objects
newTuples := []*api.RelationTupleUpdate{
createTuple(tuple(someDocument("viewer"), someUser)),
createTuple(tuple(someDocument("writer"), anotherUser)),
}
req := api.WriteRequest{
Updates: newTuples,
}
resp, err := client.Write(context.Background(), &req)
if err != nil {
log.Fatalf("Unable to write tuples: %s", err)
}

Finally, we save the returned Zookie on the document:

someDocument := createObject(document_ns, "somedocument")
someUser := createObject(user_ns, "someuser")("...")
anotherUser := createObject(user_ns, "anotheruser")("...")
// Create some tuples that represent roles granted between users and objects
newTuples := []*api.RelationTupleUpdate{
createTuple(tuple(someDocument("viewer"), someUser)),
createTuple(tuple(someDocument("writer"), anotherUser)),
}
req := api.WriteRequest{
Updates: newTuples,
}
resp, err := client.Write(context.Background(), &req)
if err != nil {
log.Fatalf("Unable to write tuples: %s", err)
}
// Store the updated revision for the document (in our database).
somedocument_db_row.setRevision(resp.Revision)

Full Example#

A full example can be found at https://github.com/authzed/authzed-go/tree/main/examples