Project

authzed

0.02
The project is in a healthy, maintained state
Authzed is the best way to build robust and scalable permissions systems. See https://authzed.com for more details.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 0.10
~> 13
~> 3

Runtime

~> 1.41
~> 1.41
 Project Readme

Authzed Ruby Client

Ruby Gems Docs License Build Status Discord Server Twitter

This repository houses the official Ruby client library for Authzed and SpiceDB.

SpiceDB is a database system for managing security-critical permissions checking.

SpiceDB acts as a centralized service that stores authorization data. Once stored, data can be performantly queried to answer questions such as "Does this user have access to this resource?" and "What are all the resources this user has access to?".

Authzed operates the globally available, serverless database platform for SpiceDB.

Supported client API versions:

You can find more info about the API in the Authzed Documentation API Reference or the Authzed API Buf Registry repository.

See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.

Getting Started

We highly recommend following the Protecting Your First App guide to learn the latest best practice to integrate an application with Authzed.

If you're interested in example uses of the API, see the spec files in the spec directory.

Basic Usage

Installation

This project is packaged as the gem authzed on Ruby Gems.

The command to install the library is:

gem install authzed

Initializing a client

In order to successfully connect, you will have to provide a Bearer Token with your own API Token from the Authzed dashboard in place of t_your_token_here_1234567deadbeef in the following example:

require 'authzed'


client = Authzed::Api::V1::Client.new(
    target: "localhost:50051",
    credentials: :this_channel_is_insecure,
    interceptors: [Authzed::GrpcUtil::BearerToken.new(token: "somerandomkeyhere")],
)

Performing an API call

require 'authzed'

# Is Emilia in the set of users that can read post #1?
resp = client.permissions_service.check_permission(
  Authzed::Api::V1::CheckPermissionRequest.new(
    consistency: Authzed::Api::V1::Consistency.new(
      at_least_as_fresh: Authzed::Api::V1::ZedToken.new(token: zed_token)
    ),
    resource: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/post', object_id: '1'),
    permission: 'read',
    subject: Authzed::Api::V1::SubjectReference.new(
      object: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/user', object_id: 'emilia')
    )
  )
)
can_read = Authzed::Api::V1::CheckPermissionResponse::Permissionship.resolve(resp.permissionship) ==
  Authzed::Api::V1::CheckPermissionResponse::Permissionship::PERMISSIONSHIP_HAS_PERMISSION