{"id":13520941,"url":"https://github.com/authzed/authzed-go","last_synced_at":"2025-04-12T18:51:09.965Z","repository":{"id":38235102,"uuid":"332819751","full_name":"authzed/authzed-go","owner":"authzed","description":"Official SpiceDB client library for Go","archived":false,"fork":false,"pushed_at":"2025-04-07T15:32:00.000Z","size":2651,"stargazers_count":84,"open_issues_count":7,"forks_count":25,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-08T10:19:31.346Z","etag":null,"topics":["authorization","authzed","authzed-client","fine-grained-access-control","fine-grained-authorization","go","golang","permissions","sdk","spicedb","spicedb-client","zanzibar"],"latest_commit_sha":null,"homepage":"https://docs.authzed.com/reference/api","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authzed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-25T17:01:41.000Z","updated_at":"2025-04-07T15:32:02.000Z","dependencies_parsed_at":"2023-11-27T18:27:24.670Z","dependency_job_id":"9ba42a2b-058a-45d4-bea1-05a6fac92607","html_url":"https://github.com/authzed/authzed-go","commit_stats":null,"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzed%2Fauthzed-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzed%2Fauthzed-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzed%2Fauthzed-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzed%2Fauthzed-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authzed","download_url":"https://codeload.github.com/authzed/authzed-go/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248618223,"owners_count":21134199,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","authzed","authzed-client","fine-grained-access-control","fine-grained-authorization","go","golang","permissions","sdk","spicedb","spicedb-client","zanzibar"],"created_at":"2024-08-01T06:00:24.770Z","updated_at":"2025-04-12T18:51:09.934Z","avatar_url":"https://github.com/authzed.png","language":"Go","funding_links":[],"categories":["Clients"],"sub_categories":["Official Libraries"],"readme":"# Official SpiceDB Go Client\n\n[![GoDoc](https://godoc.org/github.com/authzed/authzed-go?status.svg)](https://godoc.org/github.com/authzed/authzed-go)\n[![Docs](https://img.shields.io/badge/docs-authzed.com-%234B4B6C \"Authzed Documentation\")](https://authzed.com/docs)\n[![YouTube](https://img.shields.io/youtube/channel/views/UCFeSgZf0rPqQteiTQNGgTPg?color=%23F40203\u0026logo=youtube\u0026style=flat-square\u0026label=YouTube \"Authzed YouTube Channel\")](https://www.youtube.com/channel/UCFeSgZf0rPqQteiTQNGgTPg)\n[![Discord Server](https://img.shields.io/discord/844600078504951838?color=7289da\u0026logo=discord \"Discord Server\")](https://authzed.com/discord)\n[![Twitter](https://img.shields.io/badge/twitter-%40authzed-1D8EEE?logo=twitter \"@authzed on Twitter\")](https://twitter.com/authzed)\n\nThis repository houses the official Go client library for SpiceDB and Authzed services.\n\n[SpiceDB] is an open source, [Google Zanzibar]-inspired, database system for creating and managing security-critical application permissions.\n\nDevelopers create a schema that models their permissions requirements and use any of the official or community maintained [client libraries] to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.\n\n[SpiceDB]: https://github.com/authzed/spicedb\n[Google Zanzibar]: https://authzed.com/blog/what-is-zanzibar/\n[client libraries]: https://github.com/authzed/awesome-spicedb#clients\n\nSupported client API versions:\n- [v1](https://buf.build/authzed/api/docs/main/authzed.api.v1)\n- [v1alpha1](https://buf.build/authzed/api/docs/main/authzed.api.v1alpha1)\n\nHave questions? Ask in our [Discord].\n\nLooking to contribute? See [CONTRIBUTING.md].\n\nYou can find issues by priority: [Urgent], [High], [Medium], [Low], [Maybe].\nThere are also [good first issues].\n\n[Discord]: https://authzed.com/discord\n[CONTRIBUTING.md]: https://github.com/authzed/authzed-go/blob/main/CONTRIBUTING.md\n[Urgent]: https://github.com/authzed/authzed-go/labels/priority%2F0%20urgent\n[High]: https://github.com/authzed/authzed-go/labels/priority%2F1%20high\n[Medium]: https://github.com/authzed/authzed-go/labels/priority%2F2%20medium\n[Low]: https://github.com/authzed/authzed-go/labels/priority%2F3%20low\n[Maybe]: https://github.com/authzed/authzed-go/labels/priority%2F4%20maybe\n[good first issues]: https://github.com/authzed/authzed-go/labels/hint%2Fgood%20first%20issue\n\n## Getting Started\n\nWe highly recommend following the **[Protecting Your First App]** guide to learn the latest best practice to integrate an application with Authzed.\n\n[Protecting Your First App]: https://docs.authzed.com/guides/first-app\n\n### Installation\n\nIf you're using a modern version of [Go], run the following commands to add dependencies to your project:\n\n```sh\ngo get github.com/authzed/authzed-go\ngo get github.com/authzed/grpcutil\n```\n\n[grpcutil] is not _strictly_ required, but greatly reduces the boilerplate required to create a client in the general case.\n\n[Go]: https://golang.org/dl/\n[grpcutil]: https://github.com/authzed/grpcutil\n\n### Initializing a client\n\nThe [`NewClient()`] constructor is the recommended method for creating a client.\n\nBecause this library is using [gRPC] under the hood, you are free to leverage the wealth of functionality provided via [DialOptions].\n\nIn order to successfully connect, you will have to provide a [Bearer Token] with your own API Token from the [Authzed dashboard] in place of `t_your_token_here_1234567deadbeef` in the following example:\n\n[`NewClient()`]: https://pkg.go.dev/github.com/authzed/authzed-go/v1#NewClient\n[Bearer Token]: https://datatracker.ietf.org/doc/html/rfc6750#section-2.1\n[Authzed Dashboard]: https://app.authzed.com\n[gRPC]: https://grpc.io\n[DialOptions]: https://pkg.go.dev/google.golang.org/grpc?utm_source=godoc#DialOption\n\n```go\nimport (\n\t\"github.com/authzed/authzed-go/v1\"\n\t\"github.com/authzed/grpcutil\"\n)\n\n...\nsystemCerts, err := grpcutil.WithSystemCerts(grpcutil.VerifyCA)\nif err != nil {\n\tlog.Fatalf(\"unable to load system CA certificates: %s\", err)\n}\n\nclient, err := authzed.NewClient(\n\t\"grpc.authzed.com:443\",\n\tsystemCerts,\n\tgrpcutil.WithBearerToken(\"t_your_token_here_1234567deadbeef\"),\n)\nif err != nil {\n\tlog.Fatalf(\"unable to initialize client: %s\", err)\n}\n```\n\n### Performing an API call\n\nRequests and response types are located in a package under `proto/` respective to their API version.\n\nBecause of the verbosity of these types, we recommend writing your own functions/methods to create these types from your existing application's models.\n\n```go\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/authzed/authzed-go/proto/authzed/api/v1\"\n\t\"github.com/authzed/authzed-go/v1\"\n\t\"github.com/authzed/grpcutil\"\n)\n\nfunc main() {\n\temilia := \u0026v1.SubjectReference{Object: \u0026v1.ObjectReference{\n\t\tObjectType: \"blog/user\",\n\t\tObjectId:   \"emilia\",\n\t}}\n\n\tfirstPost := \u0026v1.ObjectReference{\n\t\tObjectType: \"blog/post\",\n\t\tObjectId:   \"1\",\n\t}\n\n\tclient, err := authzed.NewClient(\n\t\t\"grpc.authzed.com:443\",\n\t\tgrpcutil.WithSystemCerts(grpcutil.VerifyCA),\n\t\tgrpcutil.WithBearerToken(\"t_your_token_here_1234567deadbeef\"),\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"unable to initialize client: %s\", err)\n\t}\n\n\tresp, err := client.CheckPermission(context.Background(), \u0026v1.CheckPermissionRequest{\n\t\tResource:   firstPost,\n\t\tPermission: \"read\",\n\t\tSubject:    emilia,\n\t})\n\tif err != nil {\n\t\tlog.Fatalf(\"failed to check permission: %s\", err)\n\t}\n\n\tif resp.Permissionship == v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION {\n\t\tlog.Println(\"allowed!\")\n\t}\n}\n```\n\n### Insecure Credentials\nFor contexts that don't require TLS, such as a development environment or integration\ntests, it's possible to set up a client that does not use TLS:\n\n```go\nimport (\n\t\"github.com/authzed/grpcutil\"\n\t\"google.golang.org/grpc\"\n\t\"google.golang.org/grpc/credentials/insecure\"\n\n\t\"github.com/authzed/authzed-go/v1\"\n)\n\nclient, err := authzed.NewClient(\n    \"localhost:50051\",\n    grpc.WithTransportCredentials(insecure.NewCredentials()),\n    grpcutil.WithInsecureBearerToken(\"some token\"),\n)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthzed%2Fauthzed-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauthzed%2Fauthzed-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthzed%2Fauthzed-go/lists"}