{"id":22959852,"url":"https://github.com/pycasbin/graphql-authz","last_synced_at":"2026-05-03T04:31:42.585Z","repository":{"id":185825935,"uuid":"674148323","full_name":"pycasbin/graphql-authz","owner":"pycasbin","description":"graphql-authz is an casbin authorization middleware for GraphQL","archived":false,"fork":false,"pushed_at":"2024-03-29T13:32:33.000Z","size":16,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-25T10:01:48.727Z","etag":null,"topics":["abac","acl","auth","authorization","casbin","graphql","pycasbin","python","rbac"],"latest_commit_sha":null,"homepage":"https://github.com/casbin/pycasbin","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pycasbin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-03T08:50:05.000Z","updated_at":"2023-08-24T06:08:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"2942bc99-fb9c-4a7b-82b0-f5af9637782e","html_url":"https://github.com/pycasbin/graphql-authz","commit_stats":null,"previous_names":["pycasbin/graphql-authz"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycasbin%2Fgraphql-authz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycasbin%2Fgraphql-authz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycasbin%2Fgraphql-authz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycasbin%2Fgraphql-authz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pycasbin","download_url":"https://codeload.github.com/pycasbin/graphql-authz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246746389,"owners_count":20827058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","acl","auth","authorization","casbin","graphql","pycasbin","python","rbac"],"created_at":"2024-12-14T18:29:01.124Z","updated_at":"2026-05-03T04:31:37.564Z","avatar_url":"https://github.com/pycasbin.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# graphql-authz\n\n[![Build Status](https://github.com/pycasbin/graphql-authz/actions/workflows/build.yml/badge.svg)](https://github.com/pycasbin/graphql-authz/actions/workflows/build.yml)\n[![Coverage Status](https://coveralls.io/repos/github/pycasbin/graphql-authz/badge.svg)](https://coveralls.io/github/pycasbin/graphql-authz)\n[![Version](https://img.shields.io/pypi/v/casbin-graphql-authz.svg)](https://pypi.org/project/casbin-graphql-authz/)\n[![PyPI - Wheel](https://img.shields.io/pypi/wheel/casbin-graphql-authz.svg)](https://pypi.org/project/casbin-graphql-authz/)\n[![Pyversions](https://img.shields.io/pypi/pyversions/casbin-graphql-authz.svg)](https://pypi.org/project/casbin-graphql-authz/)\n[![Download](https://img.shields.io/pypi/dm/casbin-graphql-authz.svg)](https://pypi.org/project/casbin-graphql-authz/)\n[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord\u0026label=discord\u0026color=5865F2)](https://discord.gg/S5UjpzGZjN)\n\nGraphQL-Authz is a Python port of [GraphQL-Authz](https://github.com/node-casbin/graphql-authz), the [Casbin](https://casbin.org/) authorization middleware implementation in [Node.js](https://nodejs.org/en/).\n\nThis package should be used with [GraphQL-core 3](https://github.com/graphql-python/graphql-core), providing the\ncapability to limit access to each GraphQL resource with the authorization middleware.\n\n## Installation\n\nInstall the package using pip.\n\n```shell\npip install casbin-graphql-authz\n```\n\nGet Started\n--------\n\nLimit the access to each GraphQL resource with a policy. For example,\ngiven this policy for an [RBAC](https://casbin.org/docs/rbac/) model:\n\n```csv\np, authorized_user, hello, query\n```\n\nAuthorization can be enforced using:\n\n```python3\nimport casbin\nfrom authz.middleware import enforcer_middleware\n\nfrom graphql import (\n    graphql_sync,\n    GraphQLSchema,\n    GraphQLObjectType,\n    GraphQLField,\n    GraphQLString,\n)\n\n\nschema = GraphQLSchema(\n    query=GraphQLObjectType(\n        name=\"RootQueryType\",\n        fields={\n            \"hello\": GraphQLField(\n                GraphQLString,\n                resolve=lambda obj, info: \"world\")\n        }))\n\nenforcer = casbin.Enforcer(\"model_file.conf\", \"policy_file.csv\")\nauthorization_middleware = enforcer_middleware(enforcer)\n\nquery = \"\"\"{ hello }\"\"\"\n\n# Authorized user (\"authorized_user\") has access to data\nresponse = graphql_sync(\n    schema,\n    query,\n    middleware=[authorization_middleware],\n    context_value={\"role\": \"authorized_user\"}\n)\nassert response.data == {\"hello\": \"world\"}\n\n# Unauthorized users (\"unauthorized_user\") are rejected\nresponse = graphql_sync(\n    schema,\n    query,\n    middleware=[authorization_middleware],\n    context_value={\"role\": \"unauthorized_user\"}\n)\nassert response.errors[0].message == \"unauthorized_user can not query hello\"\n```\n\nFor more interesting scenarios see `tests` folder.\n\n## Credits\n\nImplementation was heavily inspired by the [Node.js](https://nodejs.org/en/) middleware [GraphQL-Authz](https://github.com/node-casbin/graphql-authz).\n\nAuthorization enforcement is based on [Casbin](https://casbin.org/) authorization library.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpycasbin%2Fgraphql-authz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpycasbin%2Fgraphql-authz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpycasbin%2Fgraphql-authz/lists"}