OpenFGA MCP Server
An experimental Model Context Protocol (MCP) server that enables Large Language Models (LLMs) to read, search, and manipulate OpenFGA stores. Unlocks authorization for agentic AI, and fine-grained vibe coding✨ for humans.
Requirements
- Python 3.12+
- An OpenFGA server
Features
Tools
Store Management
create_store
: Creates a new Store. (create-store)list_stores
: List all stores. (list-stores)get_store
: Get a store details. (get-store)delete_store
: Delete a store. (delete-store)get_store_id_by_name
: Get the ID of a store by it's name.
Authorization Model Management
write_authorization_model
: Write an authorization model. (write-authorization-model)read_authorization_models
: List all authorization models. (read-authorization-models)get_authorization_model
: Get a particular version of an authorization model details. (get-authorization-model)
Relationship Tuples Management
write_relation_tuples
: Write relation tuples. (write-relation-tuples)read_relation_tuples
: Read relation tuples. (read-relation-tuples)
Relationship Queries
check
: Check if a user has a relation to an object. (check)list_objects
: List objects of a type that a user has a relation to. (list-objects)list_users
: List users that have a given relationship with a given object. (list-users)
Resources
Prompts
Usage
We recommend running the server using UVX:
Installing via Smithery
To install OpenFGA MCP Server for Claude Desktop automatically via Smithery:
Configuration
The server accepts the following arguments:
--openfga_url
: URL of your OpenFGA server--openfga_store
: ID of the OpenFGA store the MCP server will use--openfga_model
: ID of the OpenFGA authorization model the MCP server will use
For API token authentication:
--openfga_token
: API token for use with your OpenFGA server
For Client Credentials authentication:
--openfga_client_id
: Client ID for use with your OpenFGA server--openfga_client_secret
: Client secret for use with your OpenFGA server--openfga_api_issuer
: API issuer for use with your OpenFGA server--openfga_api_audience
: API audience for use with your OpenFGA server
For example:
Using with Claude Desktop
To configure Claude to use the server, add the following to your Claude config:
- You may need to specify the full path to your
uvx
executable. Usewhich uvx
to find it. - You must restart Claude after updating the configuration.
Using with Raycast
Using with Cursor
Using with Windsurf
Development
To setup your development environment, run:
To run the development server:
To run the development server with the MCP Inspector:
License
Apache 2.0
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
An experimental Model Context Protocol server that enables Large Language Models to read, search, and manipulate OpenFGA authorization stores, unlocking fine-grained access control for agentic AI and natural language interactions.
Related MCP Servers
- -securityAlicense-qualityA server that enables Large Language Models to discover and interact with REST APIs defined by OpenAPI specifications through the Model Context Protocol.Last updated -37896TypeScriptMIT License
MCP TapData Serverofficial
-securityFlicense-qualityA Model Context Protocol server that enables Large Language Models to access and interact with database connections, including viewing schemas and performing CRUD operations on connected databases.Last updated -- -securityAlicense-qualityA Model Context Protocol server that provides AI agents with secure access to local filesystem operations, enabling reading, writing, and managing files through a standardized interface.Last updated -1603TypeScriptApache 2.0
- AsecurityAlicenseAqualityA Model Context Protocol server that connects Large Language Models to the GeoServer REST API, enabling AI assistants to query and manipulate geospatial data through natural language.Last updated -918PythonMIT License