Happy slice of mcp pizzaMCP.pizza
Fire in da houseTop Tip:Paying $100+ per month for Perplexity, MidJourney, Runway, ChatGPT and other tools is crazy - get all your AI tools in one site starting at $15 per month with Galaxy AI Fire in da houseCheck it out free

openfga-mcp

MCP.Pizza Chef: evansims

OpenFGA MCP server is a Model Context Protocol server that allows Large Language Models to programmatically interact with OpenFGA authorization stores. It supports creating, listing, retrieving, and deleting stores, enabling fine-grained access control and authorization workflows through LLMs. Designed for Python 3.12+ environments, it facilitates agentic AI and advanced vibe coding by integrating OpenFGA's authorization capabilities into AI workflows.

Use This MCP server To

Create and manage OpenFGA authorization stores programmatically List all OpenFGA stores for auditing or management Retrieve detailed information about specific OpenFGA stores Delete OpenFGA stores via LLM-driven commands Enable LLMs to perform fine-grained authorization checks Integrate OpenFGA authorization with AI agent workflows Automate access control policy updates using natural language Support vibe coding by linking authorization logic to code context

README

OpenFGA MCP Server

smithery badge

An experimental Model Context Protocol (MCP) server that enables Large Language Models (LLMs) to read, search, and manipulate OpenFGA stores. Unlocks authorization for agentic AI, and fine-grained vibe coding✨ for humans.

Requirements

Features

Tools

Store Management
  • create_store: Creates a new Store. (create-store)
  • list_stores: List all stores. (list-stores)
  • get_store: Get a store details. (get-store)
  • delete_store: Delete a store. (delete-store)
  • get_store_id_by_name: Get the ID of a store by it's name.
Authorization Model Management
Relationship Tuples Management
Relationship Queries
  • check: Check if a user has a relation to an object. (check)
  • list_objects: List objects of a type that a user has a relation to. (list-objects)
  • list_users: List users that have a given relationship with a given object. (list-users)

Resources

Prompts

Usage

We recommend running the server using UVX:

uvx openfga-mcp@latest

Installing via Smithery

To install OpenFGA MCP Server for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @evansims/openfga-mcp --client claude

Configuration

The server accepts the following arguments:

  • --openfga_url: URL of your OpenFGA server
  • --openfga_store: ID of the OpenFGA store the MCP server will use
  • --openfga_model: ID of the OpenFGA authorization model the MCP server will use

For API token authentication:

  • --openfga_token: API token for use with your OpenFGA server

For Client Credentials authentication:

  • --openfga_client_id: Client ID for use with your OpenFGA server
  • --openfga_client_secret: Client secret for use with your OpenFGA server
  • --openfga_api_issuer: API issuer for use with your OpenFGA server
  • --openfga_api_audience: API audience for use with your OpenFGA server

For example:

uvx openfga-mcp@latest \
  --openfga_url="http://127.0.0.1:8080" \
  --openfga_store="your-store-id" \
  --openfga_model="your-model-id"

Using with Claude Desktop

To configure Claude to use the server, add the following to your Claude config:

{
  "mcpServers": {
    "openfga-mcp": {
      "command": "uvx",
      "args": ["openfga-mcp@latest"]
    }
  }
}
  • You may need to specify the full path to your uvx executable. Use which uvx to find it.
  • You must restart Claude after updating the configuration.

Using with Raycast

Using with Cursor

Using with Windsurf

Development

To setup your development environment, run:

make setup

To run the development server:

make run \
  --openfga_url="http://127.0.0.1:8080" \
  --openfga_store="your-store-id" \
  --openfga_model="your-model-id"

To run the development server with the MCP Inspector:

make dev

License

Apache 2.0

openfga-mcp FAQ

What programming environment is required to run openfga-mcp?
openfga-mcp requires Python 3.12 or higher to operate correctly.
How does openfga-mcp interact with OpenFGA stores?
It provides tools for LLMs to create, list, get details, and delete OpenFGA stores programmatically.
Can openfga-mcp be used to automate authorization workflows?
Yes, it enables LLMs to manage and manipulate authorization stores, facilitating automated access control.
Is openfga-mcp compatible with multiple LLM providers?
Yes, it is designed to work with various LLMs including OpenAI, Anthropic Claude, and Google Gemini.
What is vibe coding in the context of openfga-mcp?
Vibe coding refers to fine-grained coding workflows enhanced by authorization context provided through OpenFGA and LLM integration.
Does openfga-mcp require a running OpenFGA server?
Yes, it depends on an existing OpenFGA server to connect and manage stores.
How secure is the interaction between LLMs and OpenFGA stores via openfga-mcp?
The server uses scoped and secure API calls to ensure safe manipulation of authorization data.
Can openfga-mcp be extended with additional tools?
Yes, it supports adding more tools to expand functionality for authorization and store management.