AuthZen API Implementation (#240)

* poc: support AuthZEN spec

https://openid.net/specs/authorization-api-1_0-01.html

* chore: changed authzen path and relaxed validation rules

* feat: added Evaluations endpoint

* docs: add documentation for using contextual tuples in Expand API (#209)

Co-authored-by: Maria Ines Parnisari <maria.inesparnisari@okta.com>

* chore: added error in context for request

* fix: make CheckError types snake case (#213)

make CheckError types snake case

* chore(ci): changed the validate swagger ci tag (#214)

The old one has been deprecated and is causing CI errors as can be seen here:
https://github.com/openfga/api/actions/runs/12349913805/job/34484604530?pr=211

* feat: add name as a filter for ListStores (#211)

* Add name as a filter for ListStores

* Add validation and openapi annotations

* Skip validation on empty name

* Add description

* chore: add pattern restriction on `continuation_token` (#215)

* add pattern restriction on continuation_tokens

* update continuation_token regex to be specific to url base64

* fix: update `continuation_token` pattern restriction (#216)

* chore: remove lingering comment in proto defn

* fix regex pattern to allow empty continuation token

* chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 in /proto (#178)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.64.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.64.0...v1.64.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump the dependencies group across 1 directory with 3 updates (#217)

Bumps the dependencies group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) and [swaggerexpert/swagger-editor-validate](https://github.com/swaggerexpert/swagger-editor-validate).


Updates `actions/checkout` from 4.1.3 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@1d96c77...11bd719)

Updates `bufbuild/buf-setup-action` from 1.34.0 to 1.48.0
- [Release notes](https://github.com/bufbuild/buf-setup-action/releases)
- [Commits](bufbuild/buf-setup-action@35c243d...1115d0a)

Updates `swaggerexpert/swagger-editor-validate` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/swaggerexpert/swagger-editor-validate/releases)
- [Commits](swaggerexpert/swagger-editor-validate@db517d5...e8e51db)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: bufbuild/buf-setup-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: swaggerexpert/swagger-editor-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: add regex for read api user field (#218)

Add regex to assert that read API's user field (if specified) must
have both type and object.

Close openfga/openfga#2189

* fix: mark tuple_key in BatchCheckItem as required in validation (#222)

* fix(api): add max 50 batch check by default note (#227)

* fix(api): add max 50 batch check by default note

* comment fix

* after daniel review

* add spacing

* chore(deps): bump golang.org/x/net from 0.26.0 to 0.36.0 in /proto (#224)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.36.0.
- [Commits](golang/net@v0.26.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update SECURITY-INSIGHTS (#229)

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* chore(deps): bump the dependencies group across 1 directory with 2 updates (#223)

Bumps the dependencies group with 2 updates in the / directory: [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) and [swaggerexpert/swagger-editor-validate](https://github.com/swaggerexpert/swagger-editor-validate).


Updates `bufbuild/buf-setup-action` from 1.48.0 to 1.50.0
- [Release notes](https://github.com/bufbuild/buf-setup-action/releases)
- [Commits](bufbuild/buf-setup-action@1115d0a...a47c93e)

Updates `swaggerexpert/swagger-editor-validate` from 1.4.2 to 1.5.1
- [Release notes](https://github.com/swaggerexpert/swagger-editor-validate/releases)
- [Commits](swaggerexpert/swagger-editor-validate@e8e51db...264fd87)

---
updated-dependencies:
- dependency-name: bufbuild/buf-setup-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: swaggerexpert/swagger-editor-validate
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/checkout from 4.2.2 to 4.3.0 in the dependencies group (#230)

chore(deps): bump actions/checkout in the dependencies group

Bumps the dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 4.2.2 to 4.3.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@11bd719...08eba0b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci: update dependabot config (#231)

* feat: add support for Write API with on_duplicate and on_missing options (#233)

* OpenFGA API Protobuf for Idempotent Writes

* Update openfga/v1/openfga_service.proto

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* CodeReview fixes

* CodeReview fixes

* changing on_missing and on_duplicate to string value instead of Enum for proper JSON values

* Make sure on_duplicate, on_missing are optional params

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* chore(deps): bump actions/checkout from 4.3.0 to 5.0.0 in the dependencies group (#232)

chore(deps): bump actions/checkout in the dependencies group

Bumps the dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 4.3.0 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08eba0b...08c6903)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(docs): update README (#236)

* chore(docs): update README

* chore: updated dependencies

* feat: authzen 1.0 implementation

* fix: addresed lint issues

* fix: add store_id to metadata discovery endpoint

* Improved Evaluations docs and changed EvaluationsSemantic definition

* Moved authorization_model_id put of the request body

* Moved authorization_model_id put of the request body

* fix: make pages field optional in protobuf

* fix: changed result body for search results

* fix: added swagger

* authzen: require strict store_id validation across endpoints

* authzen: mark APIs as experimental in proto and docs

* authzen: document short-circuit partial results and model header

* chore: remove go.mod

* chore: generated swagger file

* fix: make configuration endpoint compatible to spec

* fix: fixed SubjectFilter to not to include ID and added ResourceFilter so it's consisten. Fixed evaluations response format to return an object

* Update authzen/v1/authzen_service.proto

Make ResourceFilter required for ResourceSearch

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix: run buf to apply latest protobuf changes, making RequestFilter required

* fix: improved ID validations and specified min_items for Evaluations

* fix: properly set required fields for GetConfigurationResponse and removed AuthZen tag for consistency in swaggere generation

* fix: moved lint ignores from .proto to buf.yaml

* fix: removed references to spec section numbers, reserved fields, and fixed field numbers in Action

* fix: fixed more required/optional fields in protobuf definition

* fix: moved store_id as the 1st field in protobuf and addressed resource id pattern regex

* fix: regenerated pb.go for authzen

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Raghd Hamzeh <raghd.hamzeh@openfga.dev>
Co-authored-by: Sujitha A V <72297938+sujitha-av@users.noreply.github.com>
Co-authored-by: Maria Ines Parnisari <maria.inesparnisari@okta.com>
Co-authored-by: Justin Cohen <justincoh@gmail.com>
Co-authored-by: Karl Persson <kalle.persson92@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Adrian Tam <adrian.tam@okta.com>
Co-authored-by: Ewan Harris <ewan.harris@okta.com>
Co-authored-by: Talent Zeng <talent.z@hotmail.com>
Co-authored-by: Evan Sims <hello@evansims.com>
Co-authored-by: Zilvinas Vilutis <cikasfm@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 14 people

README.md

@@ -9,6 +9,10 @@ OpenFGA is designed to make it easy for application builders to model their perm
 
 ## Usage
 
+### AuthZEN API Status
+
+The AuthZEN API definitions in this repository are **experimental** and may change before general availability.
+
 [Buf](https://github.com/bufbuild/buf) is used to manage, package, and generate source code from the protocol buffer definitions. The API definitions
 are pushed to the [`buf.build/openfga/api`](https://buf.build/openfga/api) repository in the Buf Registry.
 

authzen/v1/authzen_service.proto

@@ -12,9 +12,12 @@ lint:
   ignore_only:
     ENUM_VALUE_UPPER_SNAKE_CASE:
       - openfga/v1/errors_ignore.proto
+      - authzen/v1/authzen_service.proto
     ENUM_VALUE_PREFIX:
       - openfga/v1/errors_ignore.proto
       - openfga/v1/openfga_service_consistency.proto
+      - authzen/v1/authzen_service.proto
     ENUM_ZERO_VALUE_SUFFIX:
       - openfga/v1/errors_ignore.proto
-      - openfga/v1/openfga_service_consistency.proto
+      - openfga/v1/openfga_service_consistency.proto
+      - authzen/v1/authzen_service.proto