These proto files will be used to generate the models for:

• Configuration
• Client
• ClientConfiguration

When inspecting the traces of the calls to auth0 in our system, I noticed we make a call to get a token on every request.
After looking at the JS sdk code, I noticed that the credentials are indeed cached in the BaseAPI object, but this property is not used (as far as I can tell).
Every call to `createRequestFunction does not pass the credentials object, so the class is instantiated each time and the token is not cached.

Yes, I am aware that auth0 FGA have a separate SDK, we are using the OSS one to make testing easier.

When providing configuration to the SDKs, the user may put any strings in most of the fields

We already validate that: apiScheme + apiHost and the apiTokenIssuer are in the appropriate format, we should do the same for StoreId and AuthorizationModelId where appropriate as we know they are in ulid format.

We should not integrate the ulid library for that, as we'd rather keep our prod dependencies to an absolute minimum, but we can use regex.

[0-7][0-9A-HJKMNP-TV-Z]{25} should work, but we have not verified it yet (source).

Tests must be added for all corresponding functionality

• JS SDK: #117
• Go SDK #133
• .NET SDK openfga/dotnet-sdk#36
• Python SDK: #116

We need more tests for:

• CRUD store methods
• API Token being passed in headers

Exception in Python SDK should contain selected http response header info, such as

• x-ratelimit-limit
• x-ratelimit-remaining
• x-ratelimit-reset
• fga-request-id
• fga-query-duration-ms
• openfga-authorization-model-id

Some folks have expressed confusion with:

transaction = {
  disable: false, // defaults to false
  ...
}

We'd like to change it to:

transaction = {
  enable: true, // defaults to true
  ...
}

Open question, what should the default be?

Something about generating the Java SDK requires building twice.

See: #160 (comment)

Here's a gist with a failure: https://gist.github.com/booniepepper/0e197ea5b3c2a297338115f7eee4bb27

Subsequent builds work just fine

Ref:

• ListObjects RFC
• ListObjects API endpoint

Hello, I was navigating the project and I encountered that the link to the sdk-generator is broken in CONTRIBUTING.md
The present link takes to: https://github.com/openfga/sd-generator
whereas the actual link is https://github.com/openfga/sdk-generator

It is a small typo but it would be fantastic to fix it.

Additionally, I also found that the link for CODE_OF_CONDUCT redirects to: https://github.com/openfga/rfcs/blob/main/CODE-OF-CONDUCT.md which also gives 404

• JS SDK
• GO SDK
• .NET SDK
• Python SDK

Steps taken:

• Cloned the repo
• Ran make setup-new-sdk
• Filled in the config.overrides.json
• Ran make build-client-rust, ended up with this error:

% make build-client-rust
make build-client sdk_language=rust tmpdir=/tmp/tmp.wm6Z2
make[1]: Entering directory '/home/nett/Stuff/openfga-sdk-generator'
mkdir -p "/home/nett/Stuff/openfga-sdk-generator/docs/openapi/" "/home/nett/Stuff/openfga-sdk-generator/clients/"
mkdir -p "/home/nett/Stuff/openfga-sdk-generator/docs/openapi"
curl "https://raw.githubusercontent.com/openfga/api/main/docs/openapiv2/apidocs.swagger.json" \
     -o "/home/nett/Stuff/openfga-sdk-generator/docs/openapi/openfga.openapiv2.raw.json"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 63399  100 63399    0     0   435k      0 --:--:-- --:--:-- --:--:--  439k
cat "/home/nett/Stuff/openfga-sdk-generator/docs/openapi/openfga.openapiv2.raw.json" | \
	docker run --rm -i stedolan/jq \
	 '(.. | .tags? | select(.)) |= ["OpenFga"] | (.tags? | select(.)) |= [{"name":"OpenFga"}] | del(.definitions.ReadTuplesParams, .definitions.ReadTuplesResponse, .paths."/stores/{store_id}/read-tuples", .definitions.StreamedListObjectsRequest, .definitions.StreamedListObjectsResponse, .paths."/stores/{store_id}/streamed-list-objects")' > \
	/home/nett/Stuff/openfga-sdk-generator/docs/openapi/openfga.openapiv2.json
sed -i -e 's/v1.//g' /home/nett/Stuff/openfga-sdk-generator/docs/openapi/openfga.openapiv2.json
# Build a config from common + overrides
jq -rs 'reduce .[] as $item ({}; . * $item)' "/home/nett/Stuff/openfga-sdk-generator/config/common/config.base.json" "/home/nett/Stuff/openfga-sdk-generator/config/clients/rust/config.overrides.json" > "/tmp/tmp.wm6Z2/config.json"
mkdir -p "/home/nett/Stuff/openfga-sdk-generator/clients/fga-rust-sdk"
# Initialize the temporary template directory
mkdir "/tmp/tmp.wm6Z2/template"
# Copy the shared files into temp template
cp -r "/home/nett/Stuff/openfga-sdk-generator/config/common/files/." "/tmp/tmp.wm6Z2/template/"
# Copy the template files into temp template
cp -r "/home/nett/Stuff/openfga-sdk-generator/config/clients/rust/template/." "/tmp/tmp.wm6Z2/template/"
# Copy the CHANGELOG.md file into temp template
cp "/home/nett/Stuff/openfga-sdk-generator/config/clients/rust/CHANGELOG.md.mustache" "/tmp/tmp.wm6Z2/template/"
# Clear existing directory
cd "/home/nett/Stuff/openfga-sdk-generator/clients/fga-rust-sdk" && ls -A | grep -Ev '.git|node_modules|.idea' | xargs rm -r && cd -
rm: missing operand
Try 'rm --help' for more information.
make[1]: *** [Makefile:149: build-client] Error 123
make[1]: Leaving directory '/home/nett/Stuff/openfga-sdk-generator'
make: *** [Makefile:245: build-client-rust] Error 2

This seems to be related to this SO question: https://stackoverflow.com/questions/36617999/error-rm-missing-operand-when-using-along-with-find-command
cd "/home/nett/Stuff/openfga-sdk-generator/clients/fga-rust-sdk" && ls -A | grep -Ev '.git|node_modules|.idea' returns exit code 1 as the directory is completely empty:

% ls -A clients/fga-rust-sdk
% cd "/home/nett/Stuff/openfga-sdk-generator/clients/fga-rust-sdk" && ls -A | grep -Ev '.git|node_modules|.idea'
% echo $?
1

CICD is failing due to JS lint issue (https://github.com/openfga/sdk-generator/runs/6926038139?check_suite_focus=true).

Let's get the best HTTP client library that will fit OpenFGA needs:

The primary list I'm considering is the list of library options from openapi-generator:

https://github.com/OpenAPITools/openapi-generator/blob/master/docs/generators/java.md#config-options

Features

All above support both synchronous and asynchronous execution. They also all support HTTP Header
customization, although the REST versions tend to have more abstraction.

The following HTTP libraries are supported by the Open API generator, but are
not stand-alone projects, so are not included in the table above:

• Google API client, Spring RestTemplate, Spring WebTemplate. These are frontends that allow for pluggable HTTP backends (like Apache HTTP, or Java 11's HttpClient)
• rest-assured is a REST wrapper over Apache HttpClient
• Microprofile is a REST wrapper over another REST library

Feature References:

• Links above, per project
• https://reflectoring.io/comparison-of-java-http-clients/

Benchmarking

Benchmarking References:

• https://dzone.com/articles/high-concurrency-http-clients-on-the-jvm
• https://www.techempower.com/benchmarks/#section=data-r21&hw=ph&test=update&p=zik0zj-qmx0qn-zik0zj-zijzb3-4fti4f&a=2

Notes: The long-term support (LTS) versions of JDK today are 8, 11, 17. JDK 8 ended active
support in May 2022, but is widely used and will see security support until 2030. JDK 21 is
scheduled for release in Sept 2023.

• FGA Client Wrapper: OpenFgaClient that wraps OpenFgaApi
• FGA Client Wrapper Tests
• BatchCheck Method
• BatchCheck Request Header
• BatchCheck Tests
• BatchCheck Configurable Parallelization
• ListRelations Method
• ListRelations: Validate passed relations on the authorization model
• ListRelations: If no relations passed, get them from the authorization model
• ListRelations Request Header
• ListRelations Tests
• ListRelations Configurable Parallelization
• Update README to use OpenFgaClient instead of OpenFgaApi

Related issues:

• JS SDK: openfga/js-sdk#20

We currently manually hide the StreamedListObjects endpoint from the SDKs.

We should:

• Allow this if possible in the OpenFgaApi interface, and use it underneath the hood for the ListObjects method in the OpenFgaClient interface.

Progress:

• JS SDK
• Go SDK
• .NET SDK
• Python SDK
• Java SDK

Currently, the CICD for GoLang and .NET fails due to TypeDefinitions no longer defined

People have mentioned needing to call check on a set of items without having to call /check multiple times

• JS SDK: #92
• Go SDK: #109
• .NET SDK: #104
• Python SDK: #116

Rel: openfga/openfga#182

For each request, allow a BaseConfiguration to be added as a parameter. When added, they should be used instead of values from Configuration it was initialized with

Reminder: Call assertValid()

Need to update the python client generator for the following bug

• openfga/python-sdk#23
• openfga/python-sdk#24
• openfga/python-sdk#25
• openfga/python-sdk#26
• openfga/python-sdk#27
• openfga/python-sdk#28
• openfga/python-sdk#29

The recommendation is to use authorization model id whenever possible (i.e., check, expand, read, write, list object). As such, the READMEs and test should have authorization model id for these calls.

The ApiToken authentication method does not seem to be working, no authorization header is passed even though it is configured.
I took a glance at the code and the BaseClient seems to be created before the Authorization headers get added to the configuration's DefaultHeaders.

ApiClient.cs

public ApiClient(Configuration.Configuration configuration, HttpClient? userHttpClient = null) {
        configuration.IsValid();
        _configuration = configuration;
        _baseClient = new BaseClient(configuration, userHttpClient);

        if (configuration.Credentials == null) {
            return;
        }

        switch (configuration.Credentials.Method) {
            case CredentialsMethod.ApiToken:
                configuration.DefaultHeaders.Add("Authorization", $"Bearer {configuration.Credentials.Config!.ApiToken}");
                break;
            case CredentialsMethod.ClientCredentials:
                _oauth2Client = new OAuth2Client(configuration.Credentials, _baseClient);
                break;
            case CredentialsMethod.None:
            default:
                break;
        }
    }

As the number of Client APIs increase, to ensure there is uniform test coverage across those APIs, it would be useful to maintain a central set of Feature Files that describe baseline tests expected by the API Maintainers.

It would be great if we could maintain one common set of feature files that can be implemented across each language. For example, you could have a feature file for authentication that looks like:

Feature: OpenFGA Client API Authentication
  Scenario: No Auth Request against No Auth Server
    Given I have a client with Authentication Disabled
    When The server has Authentication Disabled
    Then I get a valid response from the server

Then implement those tests under each of the different sdk implementations.

As I work on the Kotlin endpoint, I intend to write some base feature files, and was interested to see if it's something that could be adopted more widely across the sdk generators.

As identified in https://github.com/openfga/sdk-generator/actions/runs/3472658309/jobs/5803765721, we need to update the python package setuptools due to vulnerability.

Currently both the ListRelations and BatchCheck methods call Check in parallel underneath the hood and treat any error encountered as a false.

They should attempt to validate credentials, and storeId/authmodel id format beforehand

Progress:

• JS SDK: #117
• Go SDK #135
• .NET SDK
• Python SDK: #116

Add Mocking (Mockito) and Unit Tests (JUnit 5) for the Java SDK

Progress:

• JS SDK
• Go SDK
• .NET SDK
• Python SDK
• Java SDK

As per openfga/python-sdk#24, the python SDKs client.py library imports library in the wrong order.

As per PEP 8, the import should be in order of

1. Standard library imports.
2. Related third party imports.
3. Local application/library specific imports.

Furthermore, it may be good to have clean up the import so that we only import what is needed (openfga/python-sdk#23).

The file in question is https://github.com/openfga/sdk-generator/blob/main/config/clients/python/template/client/client.mustache

The check/write tuples example has user prefix user:81684243-9356-4421-8fbf-a4f8d36aa31b. However, our example for write model does not have user type. This will cause confusion to end user.

The OpenFgaApi methods that need a storeId should start accepting StoreId as the first parameter.

This would allow us to drop the custom patches we have (e.g. JS SDK here), and allow users to target multiple stores with the same client if they wish.

• JS SDK openfga/js-sdk#97
• Go SDK @jimmyjames
• .NET SDK
• Python SDK @evansims

• Add tests for the case where the token issuer returns an error during client credentials flow
• Add a limited retry on errors during token exchange (to be discussed)
• Ensure the reported error is accurate and does not call it an FGA API internal server error

Progress:

• JS SDK: #117
• Go SDK: openfga/go-sdk#33
• .NET SDK: openfga/dotnet-sdk#51
• Python SDK: openfga/python-sdk#18

The process for contributing a new SDK or improving an existing one is still a bit vague, we should add documentation, and possibly a quick tutorial of what that entails.

In the OpenFGA documentation there is also an endpoint stores/{id}/read-tuples to list all currently existing tuples in the store.

As for read requests an object is required, I did not find a way to call the read-tuples endpoint via the sdk.

Please add support for this endpoint.

https://openfga.dev/api/service#/Relationship%20Tuples/ReadTuples

Due to changes in openfga/api#49 (required fields in body), the newly generated Go SDK will have breaking changes with respect to changing some of the parameters from point to actual object.

We will also need to call out in the changelog that this is a breaking change.

Some of the links in pypi is broken as it refers to https://pypi.org/project/openfga-sdk/docs . Instead, it should refer to our github docs https://github.com/openfga/python-sdk/blob/main/docs

As per openfga/python-sdk#25, the python SDK README should call fga_client instead of api_instance.

There are three places where this is not called correctly

• sdk-generator/config/clients/python/template/README_calling_api.mustache

  Line 164 in fa95282

  response = await api_instance.read_changes(body, options)

• sdk-generator/config/clients/python/template/README_calling_api.mustache

  Line 204 in fa95282

  response = await api_instance.read(body)

• sdk-generator/config/clients/python/template/README_calling_api.mustache

  Line 444 in fa95282

  response = await api_instance.list_objects(body)

Consider adding PMD and/or SpotBugs checks to the generated SDK

As can be seen in https://github.com/openfga/sdk-generator/actions/runs/3063782132/jobs/4946237254#step:7:461, the SDK generator's CICD tool did not fail when the JS SDK test fails.

Root cause is that all the npm command are grouped in 1 line. Hence, bad return code will still be continued.

Related Roadmap issue: openfga/roadmap#5
Related Discussion: https://github.com/orgs/openfga/discussions/31

Seems like pycodestyle v2.11.0 results in breaking autopep8. See hhatto/autopep8#689

Traceback (most recent call last):
  File "/usr/local/bin/autopep8", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.10/site-packages/autopep8.py", line 4528, in main
    results = fix_multiple_files(args.files, args, sys.stdout)
  File "/usr/local/lib/python3.10/site-packages/autopep8.py", line 4423, in fix_multiple_files
    ret = _fix_file((name, options, output))
  File "/usr/local/lib/python3.10/site-packages/autopep8.py", line 4393, in _fix_file
    return fix_file(*parameters)
  File "/usr/local/lib/python3.10/site-packages/autopep8.py", line 3589, in fix_file
    fixed_source = fix_lines(fixed_source, options, filename=filename)
  File "/usr/local/lib/python3.10/site-packages/autopep8.py", line 3569, in fix_lines
    fixed_source = fix.fix()
  File "/usr/local/lib/python3.10/site-packages/autopep8.py", line 613, in fix
    self._fix_source(filter_results(source=''.join(self.source),
  File "/usr/local/lib/python3.10/site-packages/autopep8.py", line 557, in _fix_source
    modified_lines = fix(result)
  File "/usr/local/lib/python3.10/site-packages/autopep8.py", line 761, in fix_e225
    pycodestyle.missing_whitespace_around_operator(fixed, ts))
AttributeError: module 'pycodestyle' has no attribute 'missing_whitespace_around_operator'. Did you mean: 'whitespace_around_operator'?

I expect that template for bug/feature requests be provided when creating issues for SDKs. However, no templates are seen.

Issue may be related to the fact that the SDKs have the template in .github/ISSUE_TEMPLATES instead of .github/ISSUE_TEMPLATE directory.

Hello, I'd like to request you to consider adding an official SDK for the Rust language.
The openapi-generator supports Rust and generally generates sane code (including async support if the reqwest client is chosen).