v2.0 (#16)

Co-authored-by: JT <[email protected]>

.github/workflows/Build_&_Test.yml

@@ -29,9 +29,12 @@ jobs:
     name: ubuntu-latest
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '9'
       - name: 'Cache: .nuke/temp, ~/.nuget/packages'
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             .nuke/temp

.github/workflows/Manual_Nuget_Push.yml

@@ -23,9 +23,12 @@ jobs:
     name: ubuntu-latest
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '9'
       - name: 'Cache: .nuke/temp, ~/.nuget/packages'
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             .nuke/temp

.nuke/build.schema.json

@@ -1,64 +1,65 @@
 {
   "$schema": "http://json-schema.org/draft-04/schema#",
-  "$ref": "#/definitions/build",
-  "title": "Build Schema",
   "definitions": {
-    "build": {
-      "type": "object",
+    "Host": {
+      "type": "string",
+      "enum": [
+        "AppVeyor",
+        "AzurePipelines",
+        "Bamboo",
+        "Bitbucket",
+        "Bitrise",
+        "GitHubActions",
+        "GitLab",
+        "Jenkins",
+        "Rider",
+        "SpaceAutomation",
+        "TeamCity",
+        "Terminal",
+        "TravisCI",
+        "VisualStudio",
+        "VSCode"
+      ]
+    },
+    "ExecutableTarget": {
+      "type": "string",
+      "enum": [
+        "Clean",
+        "Compile",
+        "NugetPack",
+        "NugetPush",
+        "Restore",
+        "Test"
+      ]
+    },
+    "Verbosity": {
+      "type": "string",
+      "description": "",
+      "enum": [
+        "Verbose",
+        "Normal",
+        "Minimal",
+        "Quiet"
+      ]
+    },
+    "NukeBuild": {
       "properties": {
         "Continue": {
           "type": "boolean",
           "description": "Indicates to continue a previously failed build attempt"
         },
-        "FgaClientId": {
-          "type": "string",
-          "description": "FGA Client ID",
-          "default": "Secrets must be entered via 'nuke :secrets [profile]'"
-        },
-        "FgaClientSecret": {
-          "type": "string",
-          "description": "FGA Client Secret",
-          "default": "Secrets must be entered via 'nuke :secrets [profile]'"
-        },
-        "FgaStoreId": {
-          "type": "string",
-          "description": "FGA Store ID",
-          "default": "Secrets must be entered via 'nuke :secrets [profile]'"
-        },
         "Help": {
           "type": "boolean",
           "description": "Shows the help text for this build assembly"
         },
         "Host": {
-          "type": "string",
           "description": "Host for execution. Default is 'automatic'",
-          "enum": [
-            "AppVeyor",
-            "AzurePipelines",
-            "Bamboo",
-            "Bitbucket",
-            "Bitrise",
-            "GitHubActions",
-            "GitLab",
-            "Jenkins",
-            "Rider",
-            "SpaceAutomation",
-            "TeamCity",
-            "Terminal",
-            "TravisCI",
-            "VisualStudio",
-            "VSCode"
-          ]
+          "$ref": "#/definitions/Host"
         },
         "NoLogo": {
           "type": "boolean",
           "description": "Disables displaying the NUKE logo"
         },
-        "NugetApiKey": {
-          "type": "string",
-          "description": "Nuget Api Key",
-          "default": "Secrets must be entered via 'nuke :secrets [profile]'"
-        },
         "Partition": {
           "type": "string",
           "description": "Partition to use on CI"
@@ -82,47 +83,54 @@
           "type": "array",
           "description": "List of targets to be skipped. Empty list skips all dependencies",
           "items": {
-            "type": "string",
-            "enum": [
-              "Clean",
-              "Compile",
-              "NugetPack",
-              "NugetPush",
-              "Restore",
-              "Test"
-            ]
+            "$ref": "#/definitions/ExecutableTarget"
           }
         },
-        "Solution": {
-          "type": "string",
-          "description": "Path to a solution file that is automatically loaded"
-        },
         "Target": {
           "type": "array",
           "description": "List of targets to be invoked. Default is '{default_target}'",
           "items": {
-            "type": "string",
-            "enum": [
-              "Clean",
-              "Compile",
-              "NugetPack",
-              "NugetPush",
-              "Restore",
-              "Test"
-            ]
+            "$ref": "#/definitions/ExecutableTarget"
           }
         },
         "Verbosity": {
-          "type": "string",
           "description": "Logging verbosity during build execution. Default is 'Normal'",
-          "enum": [
-            "Minimal",
-            "Normal",
-            "Quiet",
-            "Verbose"
-          ]
+          "$ref": "#/definitions/Verbosity"
+        }
+      }
+    }
+  },
+  "allOf": [
+    {
+      "properties": {
+        "FgaClientId": {
+          "type": "string",
+          "description": "FGA Client ID",
+          "default": "Secrets must be entered via 'nuke :secrets [profile]'"
+        },
+        "FgaClientSecret": {
+          "type": "string",
+          "description": "FGA Client Secret",
+          "default": "Secrets must be entered via 'nuke :secrets [profile]'"
+        },
+        "FgaStoreId": {
+          "type": "string",
+          "description": "FGA Store ID",
+          "default": "Secrets must be entered via 'nuke :secrets [profile]'"
+        },
+        "NugetApiKey": {
+          "type": "string",
+          "description": "Nuget Api Key",
+          "default": "Secrets must be entered via 'nuke :secrets [profile]'"
+        },
+        "Solution": {
+          "type": "string",
+          "description": "Path to a solution file that is automatically loaded"
         }
       }
+    },
+    {
+      "$ref": "#/definitions/NukeBuild"
     }
-  }
+  ]
 }

Package.Build.props

@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <Version>1.2.0</Version>
+    <Version>2.0.0-RC.1</Version>
     <Authors>Hawxy</Authors>
     <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
     <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>

README.md

@@ -10,7 +10,7 @@
 
 ## Getting Started
 
-This package is compatible with the OSS OpenFGA as well as the managed Auth0 FGA service. Usage of DSL v1.1 is required.
+This package is compatible with the OSS OpenFGA as well as the managed Auth0 FGA service.
 
 Please ensure you have a basic understanding of how FGA works before continuing: [OpenFGA Docs](https://openfga.dev/) or [Auth0 FGA Docs](https://docs.fga.dev/)
 
@@ -174,6 +174,10 @@ public class ComputedRelationshipAttribute : FgaBaseObjectAttribute
 
 An additional pre-made attribute that allows all tuple values to be hardcoded strings ships with the package (`FgaStringAttribute`). This attribute is useful for testing and debug purposes, but should not be used in a real application.
 
+### Contextual Tuples
+
+All attributes supports specifying contextual tuples as part of a check. Inherit & override `GetContextualTuple` to provide the relevant logic in your own attribute.
+
 ## Client Injection
 
 This package registers both the `OpenFgaApi` and `OpenFgaClient` types in the DI container. `OpenFgaClient` is a higher level abstraction and preferred over `OpenFgaApi` for general use.

build/Build.cs

@@ -13,13 +13,15 @@
 [GitHubActions(
     "Build & Test",
     GitHubActionsImage.UbuntuLatest,
+    AutoGenerate = false,
     OnPushBranches = new []{ "main" },
     OnPullRequestBranches = new []{ "main" },
     InvokedTargets = new[] { nameof(Test) },
     ImportSecrets = new []{ nameof(FgaStoreId), nameof(FgaClientId), nameof(FgaClientSecret) })]
 [GitHubActions(
     "Manual Nuget Push",
     GitHubActionsImage.UbuntuLatest,
+    AutoGenerate = false,
     On = new[] { GitHubActionsTrigger.WorkflowDispatch },
     InvokedTargets = new[] { nameof(NugetPush) },
     ImportSecrets = new[] { nameof(NugetApiKey) })]

build/_build.csproj

@@ -11,7 +11,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Nuke.Common" Version="8.0.0" />
+    <PackageReference Include="Nuke.Common" Version="9.0.1" />
   </ItemGroup>
 
 </Project>

samples/Fga.Example.AspNetCore/ComputedRelationshipAttribute.cs

@@ -1,4 +1,5 @@
 using Fga.Net.AspNetCore.Authorization.Attributes;
+using OpenFga.Sdk.Client.Model;
 
 namespace Fga.Example.AspNetCore;
 

src/Fga.Net.AspNetCore/Authorization/Attributes/FgaAttribute.cs

@@ -17,6 +17,8 @@ limitations under the License.
 #endregion
 
 using Microsoft.AspNetCore.Http;
+using OpenFga.Sdk.Client.Model;
+using Tuple = OpenFga.Sdk.Model.Tuple;
 
 namespace Fga.Net.AspNetCore.Authorization.Attributes;
 
@@ -42,15 +44,22 @@ public abstract class FgaAttribute : Attribute
     /// An entity in the system. 
     /// </summary>
     /// <param name="context">The context of the current request</param>
-    /// <returns>Usually a string in an entity-identifier format: <value>document:id</value></returns>
+    /// <returns>Usually a string in an entity-identifier format: document:id</returns>
     public abstract ValueTask<string> GetObject(HttpContext context);
+
+    /// <summary>
+    /// Contextual tuple(s) to apply the check generated from this attribute.
+    /// </summary>
+    /// <param name="context">The context of the current request</param>
+    /// <returns>The list of contextual tuples, or null if none were provided</returns>
+    public virtual ValueTask<List<ClientTupleKey>?> GetContextualTuple(HttpContext context) => new((List<ClientTupleKey>?)null);
 
     /// <summary>
     /// Concats the type and identifier into the object format
     /// </summary>
     /// <param name="type">The objects type, such as workspace, repository, organization or document</param>
     /// <param name="identifier">The objects identifier</param>
     /// <returns>The object in the entity:identifier format</returns>
-    public static string FormatObject(string type, string identifier) => $"{type}:{identifier}";
+    protected static string FormatObject(string type, string identifier) => $"{type}:{identifier}";
 }
 

src/Fga.Net.AspNetCore/Authorization/FineGrainedAuthorizationHandler.cs

@@ -48,19 +48,21 @@ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext
         // The user is enforcing the fga policy but there's no attributes here.
         if (attributes.Count == 0)
             return;
-
+        
         var checks = new List<ClientCheckRequest>();
 
         foreach (var attribute in attributes)
         {
             string? user;
             string? relation;
             string? @object;
+            List<ClientTupleKey>? contextualTuples;
             try
             {
                 user = await attribute.GetUser(httpContext);
                 relation = await attribute.GetRelation(httpContext);
                 @object = await attribute.GetObject(httpContext);
+                contextualTuples = await attribute.GetContextualTuple(httpContext);
             }
             catch (FgaMiddlewareException ex)
             {
@@ -85,7 +87,8 @@ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext
             {
                 User = user,
                 Relation = relation,
-                Object = @object
+                Object = @object,
+                ContextualTuples = contextualTuples
             });
         }
 

src/Fga.Net.AspNetCore/Authorization/Log.cs

@@ -37,7 +37,5 @@ internal static partial class Log
 
     [LoggerMessage(3005, LogLevel.Debug, "User was not in a valid format of 'type:id' or '*'. Computed user as '{user}'")]
     public static partial void InvalidUser(this ILogger logger, string user);
-
-
 
 }

src/Fga.Net.AspNetCore/Fga.Net.AspNetCore.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>net6.0;net7.0;net8.0</TargetFrameworks>
+    <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>
@@ -17,7 +17,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="DotNet.ReproducibleBuilds" Version="1.1.1" PrivateAssets="All" />
+    <PackageReference Include="DotNet.ReproducibleBuilds" Version="1.2.25" PrivateAssets="All" />
   </ItemGroup>
 
   <ItemGroup>

src/Fga.Net/Configuration/Auth0FgaConnectionBuilder.cs

@@ -48,10 +48,10 @@ internal sealed record Auth0FgaEnvironment(string ApiHost, string ApiTokenIssuer
 /// </summary>
 public sealed class Auth0FgaConnectionBuilder
 {
-    private const string FgaIssuer = "fga.us.auth0.com";
+    private const string FgaIssuer = "auth.fga.dev";
 
-    private readonly IReadOnlyDictionary<FgaEnvironment, Auth0FgaEnvironment> _fgaEnvironments =
-        new Dictionary<FgaEnvironment, Auth0FgaEnvironment>()
+    private readonly Dictionary<FgaEnvironment, Auth0FgaEnvironment> _fgaEnvironments =
+        new()
         {
             {
                 FgaEnvironment.US,