{"id":22666642,"url":"https://github.com/officialpycasbin/graphql-authz","last_synced_at":"2026-01-28T05:20:54.315Z","repository":{"id":262354233,"uuid":"886980703","full_name":"officialpycasbin/graphql-authz","owner":"officialpycasbin","description":"GraphQL authorization middleware based on PyCasbin","archived":false,"fork":false,"pushed_at":"2025-08-20T17:41:18.000Z","size":23,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-27T10:02:07.453Z","etag":null,"topics":["abac","acl","auth","authorization","authz","casbin","graphql","middleware","pycasbin","python","rbac"],"latest_commit_sha":null,"homepage":"https://github.com/casbin/pycasbin","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/officialpycasbin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-12T00:43:24.000Z","updated_at":"2025-08-20T17:41:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"cd52cd09-4063-47e5-9e6a-f29e4f9f8df8","html_url":"https://github.com/officialpycasbin/graphql-authz","commit_stats":null,"previous_names":["officialpycasbin/graphql-authz"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/officialpycasbin/graphql-authz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fgraphql-authz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fgraphql-authz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fgraphql-authz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fgraphql-authz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/officialpycasbin","download_url":"https://codeload.github.com/officialpycasbin/graphql-authz/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fgraphql-authz/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28840088,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T02:10:51.810Z","status":"ssl_error","status_checked_at":"2026-01-28T02:10:50.806Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","acl","auth","authorization","authz","casbin","graphql","middleware","pycasbin","python","rbac"],"created_at":"2024-12-09T14:17:20.394Z","updated_at":"2026-01-28T05:20:54.309Z","avatar_url":"https://github.com/officialpycasbin.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# graphql-authz\n\n[![Build Status](https://github.com/officialpycasbin/graphql-authz/actions/workflows/build.yml/badge.svg)](https://github.com/officialpycasbin/graphql-authz/actions/workflows/build.yml)\n[![Coverage Status](https://coveralls.io/repos/github/officialpycasbin/graphql-authz/badge.svg)](https://coveralls.io/github/officialpycasbin/graphql-authz)\n[![Version](https://img.shields.io/pypi/v/casbin-graphql-authz.svg)](https://pypi.org/project/casbin-graphql-authz/)\n[![PyPI - Wheel](https://img.shields.io/pypi/wheel/casbin-graphql-authz.svg)](https://pypi.org/project/casbin-graphql-authz/)\n[![Pyversions](https://img.shields.io/pypi/pyversions/casbin-graphql-authz.svg)](https://pypi.org/project/casbin-graphql-authz/)\n[![Download](https://static.pepy.tech/badge/casbin-graphql-authz)](https://pypi.org/project/casbin-graphql-authz/)\n[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord\u0026label=discord\u0026color=5865F2)](https://discord.gg/S5UjpzGZjN)\n\nGraphQL-Authz is a Python port of [GraphQL-Authz](https://github.com/node-casbin/graphql-authz), the [Casbin](https://casbin.org/) authorization middleware implementation in [Node.js](https://nodejs.org/en/).\n\nThis package should be used with [GraphQL-core 3](https://github.com/graphql-python/graphql-core), providing the\ncapability to limit access to each GraphQL resource with the authorization middleware.\n\n## Installation\n\nInstall the package using pip.\n\n```shell\npip install casbin-graphql-authz\n```\n\nGet Started\n--------\n\nLimit the access to each GraphQL resource with a policy. For example,\ngiven this policy for an [RBAC](https://casbin.org/docs/rbac/) model:\n\n```csv\np, authorized_user, hello, query\n```\n\nAuthorization can be enforced using:\n\n```python3\nimport casbin\nfrom authz.middleware import enforcer_middleware\n\nfrom graphql import (\n    graphql_sync,\n    GraphQLSchema,\n    GraphQLObjectType,\n    GraphQLField,\n    GraphQLString,\n)\n\n\nschema = GraphQLSchema(\n    query=GraphQLObjectType(\n        name=\"RootQueryType\",\n        fields={\n            \"hello\": GraphQLField(\n                GraphQLString,\n                resolve=lambda obj, info: \"world\")\n        }))\n\nenforcer = casbin.Enforcer(\"model_file.conf\", \"policy_file.csv\")\nauthorization_middleware = enforcer_middleware(enforcer)\n\nquery = \"\"\"{ hello }\"\"\"\n\n# Authorized user (\"authorized_user\") has access to data\nresponse = graphql_sync(\n    schema,\n    query,\n    middleware=[authorization_middleware],\n    context_value={\"role\": \"authorized_user\"}\n)\nassert response.data == {\"hello\": \"world\"}\n\n# Unauthorized users (\"unauthorized_user\") are rejected\nresponse = graphql_sync(\n    schema,\n    query,\n    middleware=[authorization_middleware],\n    context_value={\"role\": \"unauthorized_user\"}\n)\nassert response.errors[0].message == \"unauthorized_user can not query hello\"\n```\n\nFor more interesting scenarios see `tests` folder.\n\n## Credits\n\nImplementation was heavily inspired by the [Node.js](https://nodejs.org/en/) middleware [GraphQL-Authz](https://github.com/node-casbin/graphql-authz).\n\nAuthorization enforcement is based on [Casbin](https://casbin.org/) authorization library.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fofficialpycasbin%2Fgraphql-authz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fofficialpycasbin%2Fgraphql-authz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fofficialpycasbin%2Fgraphql-authz/lists"}