Skip to content

authzed/authzed-dotnet

Repository files navigation

Authzed.Net

Nuget License Build Status Mailing List Discord Server Twitter LinkedIn

This repository houses the official .NET (generated in C#) client library for Authzed and SpiceDB.

Authzed is a database and service that stores, computes, and validates your application's permissions.

Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.

Supported client API versions:

You can find more info on each API on the Authzed API reference documentation. Additionally, Protobuf API documentation can be found on the Buf Registry Authzed API repository.

See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.

Getting Started

We highly recommend following the Protecting Your First App guide to learn the latest best practice to integrate an application with Authzed.

If you're interested in example usages, including integration with a Kestrel API, they can be found in their respective folders in the examples directory.

Basic Usage

Installation

With dotnet:

dotnet add package Authzed.Net

With nuget:

nuget install Authzed.Net

Initializing a Client

Currently, everything required to connect and make API calls is located in a module respective to API version.

In order to successfully connect, you will have to provide a Bearer Token with your own API Token from the Authzed dashboard in place of t_your_token_here_1234567deadbeef in the following example.

using Authzed.Api.V1;
using Grpc.Core;
using Grpc.Net.Client;
using System;

// In some other block
var token = "my super secret key"
var credentials = CallCredentials.FromInterceptor((context, metadata) =>
{
    metadata.Add("Authorization", $"Bearer {token}");
    return Task.CompletedTask;
});

var options = new GrpcChannelOptions
{
    Credentials = ChannelCredentials.Create(new SslCredentials(), credentials),
};
var channel = GrpcChannel.ForAddress("https://my.spicedb.service:50051", options);
var client = new PermissionsService.PermissionsServiceClient(channel);

Note that the above example shows the Permission client specifically; a fully working flow will also require the Schema service.

Also note that we're using TLS. For an example that does not use TLS, see the API in the examples directory.

Performing an API Request

using Authzed.Api.V1;
using Grpc.Core;
using Google.Protobuf.WellKnownTypes;

// Continuing from above
var response = await client.CheckPermissionAsync(new CheckPermissionRequest
{
    Resource = new ObjectReference { ObjectType = "post", ObjectId = "post-one" },
    Permission = "view",
    Subject = new SubjectReference
    {
        Object = new ObjectReference
        {
            ObjectType = "user",
            ObjectId = "emilia"
        }
    },
    Consistency = new Consistency { FullyConsistent = true }
});
Console.WriteLine(response.Permissionship)