Skip to main content
Glama

OpenFGA MCP

Connect OpenFGA and Auth0 FGA to AI agents via the Model Context Protocol.

Use Cases

  • Plan & Design - Design efficient authorization model using best practice patterns
  • Generate Code - Generate accurate SDK integrations with comprehensive documentation context
  • Manage Instances - Query and control live OpenFGA servers through AI agents

Quick Start

Offline Mode (Default)

Design models and generate code without a server:

{ "mcpServers": { "OpenFGA": { "command": "docker", "args": [ "run", "--rm", "-i", "--pull=always", "evansims/openfga-mcp:latest" ] } } }

Online Mode

Connect to OpenFGA for full management capabilities:

{ "mcpServers": { "OpenFGA": { "command": "docker", "args": [ "run", "--rm", "-i", "--pull=always", "-e", "OPENFGA_MCP_API_URL=http://host.docker.internal:8080", "evansims/openfga-mcp:latest" ] } } }

Safety: Write operations are disabled by default. Set OPENFGA_MCP_API_WRITEABLE=true to enable.

Docker Networking: For your OPENFGA_MCP_API_URL use host.docker.internal when running OpenFGA on your local machine, container names for Docker networks, or full URLs for remote instances.

Works with Claude Desktop, Claude Code, Cursor, Windsurf, Zed, and other MCP clients.

Configuration

MCP Transport

VariableDefaultDescription
OPENFGA_MCP_TRANSPORTstdioSupports stdio or http (Streamable HTTP.)
OPENFGA_MCP_TRANSPORT_HOST127.0.0.1IP to listen for connections on. Only applicable when using http transport.
OPENFGA_MCP_TRANSPORT_PORT9090Port to listen for connections on. Only applicable when using http transport.
OPENFGA_MCP_TRANSPORT_SSEtrueEnables Server-Sent Events (SSE) streams for responses.
OPENFGA_MCP_TRANSPORT_STATELESSfalseEnables stateless mode for session-less clients.

OpenFGA

VariableDefaultDescription
OPENFGA_MCP_API_URLOpenFGA server URL
OPENFGA_MCP_API_WRITEABLEfalseEnables write operations
OPENFGA_MCP_API_STOREDefault requests to a specific store ID
OPENFGA_MCP_API_MODELDefault requests to a specific model ID
OPENFGA_MCP_API_RESTRICTfalseRestrict requests to configured default store/model

OpenFGA Authentication

AuthenticationVariableDefaultDescription
Pre-Shared KeysOPENFGA_MCP_API_TOKENAPI Token
Client CredentialsOPENFGA_MCP_API_CLIENT_IDClient ID
OPENFGA_MCP_API_CLIENT_SECRETClient Secret
OPENFGA_MCP_API_ISSUERToken Issuer
OPENFGA_MCP_API_AUDIENCEAPI Audience

See docker-compose.example.yml for complete examples.

Features

Management Tools

  • Stores: Create, list, get, delete stores
  • Models: Create models with DSL, list, get, verify
  • Permissions: Check, grant, revoke permissions; query users and objects

SDK Documentation

Comprehensive documentation for accurate code generation:

  • All OpenFGA SDKs (PHP, Go, Python, Java, .NET, JavaScript, Laravel)
  • Class and method documentation with code examples
  • Advanced search with language filtering

AI Prompts

Design & Planning

  • Domain-specific model design
  • RBAC to ReBAC migration
  • Hierarchical relationships
  • Performance optimization

Implementation

  • Step-by-step model creation
  • Relationship patterns
  • Test generation
  • Security patterns

Troubleshooting

  • Permission debugging
  • Security audits
  • Least privilege implementation

Resources & URIs

  • openfga://stores - List stores
  • openfga://store/{id}/model/{modelId} - Model details
  • openfga://docs/{sdk}/class/{className} - SDK documentation
  • openfga://docs/search/{query} - Search documentation

Smart Completions

Auto-completion for store IDs, model IDs, relations, users, and objects when connected.


-
security - not tested
A
license - permissive license
-
quality - not tested

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

An experimental Model Context Protocol server that enables Large Language Models to read, search, and manipulate OpenFGA authorization stores, unlocking fine-grained access control for agentic AI and natural language interactions.

  1. Requirements
    1. Features
      1. Tools
      2. Resources
      3. Prompts
    2. Usage
      1. Installing via Smithery
      2. Configuration
      3. Using with Claude Desktop
      4. Using with Raycast
      5. Using with Cursor
      6. Using with Windsurf
    3. Development
      1. License

        Related MCP Servers

        • -
          security
          A
          license
          -
          quality
          A server that enables Large Language Models to discover and interact with REST APIs defined by OpenAPI specifications through the Model Context Protocol.
          Last updated -
          2,130
          150
          MIT License
          • Apple
        • -
          security
          F
          license
          -
          quality
          A Model Context Protocol server that enables Large Language Models to access and interact with database connections, including viewing schemas and performing CRUD operations on connected databases.
          Last updated -
          • Apple
        • A
          security
          A
          license
          A
          quality
          A Model Context Protocol server that provides AI agents with secure access to local filesystem operations, enabling reading, writing, and managing files through a standardized interface.
          Last updated -
          10
          308
          17
          Apache 2.0
        • A
          security
          A
          license
          A
          quality
          A Model Context Protocol server that connects Large Language Models to the GeoServer REST API, enabling AI assistants to query and manipulate geospatial data through natural language.
          Last updated -
          9
          37
          MIT License
          • Linux
          • Apple

        View all related MCP servers

        MCP directory API

        We provide all the information about MCP servers via our MCP API.

        curl -X GET 'https://glama.ai/api/mcp/v1/servers/evansims/openfga-mcp'

        If you have feedback or need assistance with the MCP directory API, please join our Discord server