Openfga Mcp
What is Openfga Mcp
openfga-mcp is an experimental Model Context Protocol (MCP) server that allows Large Language Models (LLMs) to programmatically read, search, and manipulate OpenFGA stores, facilitating advanced authorization capabilities for AI and fine-grained coding for humans.
Use cases
Use cases for openfga-mcp include dynamic access control where LLMs interpret permissions, policy management through conversation, providing justifications for access decisions, diagnosing permissions issues, and enabling secure collaboration with temporary access.
How to use
To use openfga-mcp, install it via pip or from source, then run the server using the command line or Docker. Connect your LLM application to the MCP server endpoint, typically at http://localhost:8090.
Key features
Key features of openfga-mcp include dynamic access control through natural language interpretation, policy management via conversational interfaces, explainable authorization, conversational policy debugging, and secure collaboration with precise access scopes.
Where to use
openfga-mcp can be used in fields requiring dynamic access control, such as software development, security management, and any application involving user permissions and authorization.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Openfga Mcp
openfga-mcp is an experimental Model Context Protocol (MCP) server that allows Large Language Models (LLMs) to programmatically read, search, and manipulate OpenFGA stores, facilitating advanced authorization capabilities for AI and fine-grained coding for humans.
Use cases
Use cases for openfga-mcp include dynamic access control where LLMs interpret permissions, policy management through conversation, providing justifications for access decisions, diagnosing permissions issues, and enabling secure collaboration with temporary access.
How to use
To use openfga-mcp, install it via pip or from source, then run the server using the command line or Docker. Connect your LLM application to the MCP server endpoint, typically at http://localhost:8090.
Key features
Key features of openfga-mcp include dynamic access control through natural language interpretation, policy management via conversational interfaces, explainable authorization, conversational policy debugging, and secure collaboration with precise access scopes.
Where to use
openfga-mcp can be used in fields requiring dynamic access control, such as software development, security management, and any application involving user permissions and authorization.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
OpenFGA MCP Server
An experimental Model Context Protocol (MCP) server that enables Large Language Models (LLMs) to read, search, and manipulate OpenFGA stores. Unlocks authorization for agentic AI, and fine-grained vibe coding✨ for humans.
Requirements
- Python 3.12+
- An OpenFGA server
Features
Tools
Store Management
create_store: Creates a new Store. (create-store)list_stores: List all stores. (list-stores)get_store: Get a store details. (get-store)delete_store: Delete a store. (delete-store)get_store_id_by_name: Get the ID of a store by it’s name.
Authorization Model Management
write_authorization_model: Write an authorization model. (write-authorization-model)read_authorization_models: List all authorization models. (read-authorization-models)get_authorization_model: Get a particular version of an authorization model details. (get-authorization-model)
Relationship Tuples Management
write_relation_tuples: Write relation tuples. (write-relation-tuples)read_relation_tuples: Read relation tuples. (read-relation-tuples)
Relationship Queries
check: Check if a user has a relation to an object. (check)list_objects: List objects of a type that a user has a relation to. (list-objects)list_users: List users that have a given relationship with a given object. (list-users)
Resources
Prompts
Usage
We recommend running the server using UVX:
uvx openfga-mcp@latest
Installing via Smithery
To install OpenFGA MCP Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @evansims/openfga-mcp --client claude
Configuration
The server accepts the following arguments:
--openfga_url: URL of your OpenFGA server--openfga_store: ID of the OpenFGA store the MCP server will use--openfga_model: ID of the OpenFGA authorization model the MCP server will use
For API token authentication:
--openfga_token: API token for use with your OpenFGA server
For Client Credentials authentication:
--openfga_client_id: Client ID for use with your OpenFGA server--openfga_client_secret: Client secret for use with your OpenFGA server--openfga_api_issuer: API issuer for use with your OpenFGA server--openfga_api_audience: API audience for use with your OpenFGA server
For example:
uvx openfga-mcp@latest \
--openfga_url="http://127.0.0.1:8080" \
--openfga_store="your-store-id" \
--openfga_model="your-model-id"
Using with Claude Desktop
To configure Claude to use the server, add the following to your Claude config:
{
"mcpServers": {
"openfga-mcp": {
"command": "uvx",
"args": [
"openfga-mcp@latest"
]
}
}
}- You may need to specify the full path to your
uvxexecutable. Usewhich uvxto find it. - You must restart Claude after updating the configuration.
Using with Raycast
Using with Cursor
Using with Windsurf
Development
To setup your development environment, run:
make setup
To run the development server:
make run \
--openfga_url="http://127.0.0.1:8080" \
--openfga_store="your-store-id" \
--openfga_model="your-model-id"
To run the development server with the MCP Inspector:
make dev
License
Apache 2.0
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
