API Requests CheckRequest - evansims/openfga-php GitHub Wiki
Request for performing authorization checks in OpenFGA. This request determines whether a user has a specific relationship with an object based on the configured authorization model and relationship tuples. It's the core operation for making authorization decisions in your application. The check operation supports contextual tuples, custom contexts, and tracing to provide comprehensive authorization decisions with detailed debugging information.
Table of Contents
OpenFGA\Requests
- CheckResponse (response)
- CheckRequestInterface (interface)
public function getAuthorizationModel(): stringGet the authorization model ID to use for the check. This specifies which version of the authorization model should be used when evaluating the permission check. Using a specific model ID ensures consistent results.
string — The authorization model ID for permission evaluation
public function getConsistency(): ?OpenFGA\Models\Enums\ConsistencyGet the consistency level for the check operation. This determines the read consistency requirement for the check operation, allowing you to balance between read performance and data consistency based on your application's needs.
Consistency | null — The consistency level, or null to use the default consistency setting
public function getContext(): ?objectGet additional context data for conditional evaluation. This provides contextual information that can be used in conditional expressions within the authorization model, enabling dynamic permission evaluation based on runtime data.
object | null — The context object containing additional data for evaluation, or null if no context is provided
public function getContextualTuples(): ?OpenFGA\Models\Collections\TupleKeysInterfaceGet additional tuples to consider during the check. These contextual tuples are temporarily added to the authorization data during evaluation, allowing you to test permission scenarios with hypothetical or pending relationship changes.
TupleKeysInterface | null — Additional relationship tuples for evaluation, or null if none provided
public function getRequest(Psr\Http\Message\StreamFactoryInterface $streamFactory): OpenFGA\Network\RequestContextBuild a request context for HTTP execution. Transforms the request object into a standardized HTTP request context that can be executed by the OpenFGA HTTP client. This method handles all aspects of request preparation including parameter serialization, URL construction, header configuration, and body stream creation. The method validates that all required parameters are present and properly formatted, serializes complex objects to JSON, constructs the appropriate API endpoint URL, and creates the necessary HTTP message body streams.
| Name | Type | Description |
|---|---|---|
$streamFactory |
StreamFactoryInterface |
PSR-7 stream factory for creating request body streams from serialized data |
RequestContext — The prepared request context containing HTTP method, URL, headers, and body ready for execution
public function getStore(): stringGet the store ID containing the authorization data. This identifies which OpenFGA store contains the relationship tuples and configuration to use for the permission check.
string — The store ID containing the authorization data
public function getTrace(): ?boolGet whether to include evaluation trace in the response. When enabled, the response will include detailed information about how the permission decision was reached, which is useful for debugging authorization logic.
bool | null — Whether to include trace information, or null to use the default setting
public function getTupleKey(): OpenFGA\Models\TupleKeyInterfaceGet the relationship tuple to check for permission. This defines the specific relationship (user, object, relation) to evaluate for authorization. For example, checking if "user:alice" has "can_view" permission on "document:readme."
TupleKeyInterface — The relationship tuple specifying what permission to check