Bring Authorization
to VS Code Copilot
Learn how to connect OpenFGA (Fine-Grained Auth) to VS Code Copilot and start using 16 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the OpenFGA (Fine-Grained Auth) MCP Server?
Connect your OpenFGA instance to any AI agent to manage Relationship-Based Access Control (ReBAC) through natural conversation. OpenFGA is an open-source fine-grained authorization solution inspired by Google's Zanzibar.
What you can do
- Store Management — Create, list, and delete isolated stores to manage authorization data for different environments or applications.
- Authorization Modeling — Define and retrieve complex authorization models using types and relations to represent your system's permissions.
- Tuple Management — Write, read, and track changes to relationship tuples that define which users have which relations to specific objects.
- Relationship Checks — Instantly evaluate whether a user has a specific relation to an object (e.g., 'can user:anne view document:1?').
- Health Monitoring — Quickly check the status of your OpenFGA instance to ensure high availability.
How it works
- Subscribe to this server
- Enter your OpenFGA API URL and API Token (if applicable)
- Start managing your authorization logic from Claude, Cursor, or any MCP-compatible client
Who is this for?
- Security Engineers — Audit relationship tuples and verify authorization models without manual API calls.
- Backend Developers — Quickly test and iterate on authorization models during development directly from the IDE.
- DevOps & SREs — Monitor store health and manage authorization environments across different clusters.
Built-in capabilities (16)
Perform multiple checks in one request
Check if a user has a relation to an object
Create a new OpenFGA store
Delete an OpenFGA store
Expand a relation into a tree
Get a specific authorization model
Get OpenFGA store details
Check OpenFGA server health
List authorization models
List all objects a user can access
List all OpenFGA stores
List all users who have a relation to an object
Read changes to relationship tuples
Query stored relationship tuples
Write a new authorization model
Add or delete relationship tuples
Why VS Code Copilot?
GitHub Copilot Agent mode brings OpenFGA (Fine-Grained Auth) data directly into your VS Code workflow. With a project-scoped config, the entire team shares access to 16 tools. Copilot queries live data, generates typed code, and writes tests from actual API responses, all without leaving the editor.
- —
VS Code is used by over 70% of developers. adding MCP tools to Copilot means your team can leverage external data without leaving their primary editor
- —
Project-scoped MCP configs (
.vscode/mcp.json) let you commit server configurations to your repository, ensuring the entire team shares the same tool access - —
Copilot's Agent mode integrates MCP tools seamlessly with file editing, terminal commands, and workspace search in a single agentic loop
- —
GitHub's enterprise compliance and audit features extend to MCP tool usage, providing visibility into how AI interacts with external services
OpenFGA (Fine-Grained Auth) in VS Code Copilot
OpenFGA (Fine-Grained Auth) and 4,000+ other MCP servers. One platform. One governance layer.
Teams that connect OpenFGA (Fine-Grained Auth) to VS Code Copilot through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.
Raw MCP | Vinkius | |
|---|---|---|
| Server catalog | Find and host yourself | 4,000+ managed |
| Infrastructure | Self-hosted | Sandboxed V8 isolates |
| Credential handling | Plaintext in config | Vault + runtime injection |
| Data loss prevention | None | Configurable DLP policies |
| Kill switch | None | Global instant shutdown |
| Financial circuit breakers | None | Per-server limits + alerts |
| Audit trail | None | Ed25519 signed logs |
| SIEM log streaming | None | Splunk, Datadog, Webhook |
| Honeytokens | None | Canary alerts on leak |
| Custom domains | Not applicable | DNS challenge verified |
| GDPR compliance | Manual effort | Automated purge + export |
Why teams choose Vinkius for OpenFGA (Fine-Grained Auth) in VS Code Copilot
The OpenFGA (Fine-Grained Auth) MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 16 tools execute in hardened sandboxes optimized for native MCP execution.
Your AI agents in VS Code Copilot only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
How Vinkius secures
OpenFGA (Fine-Grained Auth) for VS Code Copilot
Every tool call from VS Code Copilot to the OpenFGA (Fine-Grained Auth) MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.
Frequently asked questions
How can I check if a specific user has access to a resource?
You can use the check_relation tool. Provide the store ID and the relationship details (user, relation, and object) to get an immediate boolean response on whether the access is permitted.
Can I see the history of changes made to relationship tuples?
Yes, the read_changes tool allows you to retrieve the changelog of relationship tuples for a specific store, optionally filtered by object type.
How do I define a new authorization model?
Use the write_authorization_model tool. You will need to provide the store ID, the schema version, and a JSON array of type definitions that describe your relations.
Which VS Code version supports MCP?
MCP support requires VS Code 1.99 or later with the GitHub Copilot extension. Ensure both are updated to the latest version. Older versions of Copilot may not expose the Agent mode toggle.
How do I switch to Agent mode?
Open the Copilot Chat panel and look for two mode options: "Ask" and "Agent". Click "Agent" to enable autonomous tool calling. In Ask mode, Copilot provides conversational answers but cannot invoke MCP tools.
Can I restrict which MCP tools Copilot can access?
Yes. VS Code shows a tool consent dialog before any MCP tool is invoked for the first time. You can also configure tool access policies at the organization level through GitHub Copilot settings.
Does MCP work in VS Code Remote or Codespaces?
Yes. MCP servers configured via .vscode/mcp.json work in Remote SSH, WSL, and GitHub Codespaces environments. The MCP connection is established from the remote host, so ensure the server URL is accessible from that environment.
MCP tools not available
Ensure you are in Agent mode in Copilot Chat. MCP tools only appear in Agent mode.
Explore More MCP Servers
View all →
OpenAQ
9 toolsAccess global air quality data — monitor PM2.5, O3, NO2 levels and track pollution via AI.
Foursquare Alternative
7 toolsManage your location data — audit places, photos, and tips via AI.
Odoo HR
9 toolsSearch employees, manage leaves, track attendance and expenses — Odoo HR through natural conversation.
Salsa Engage
12 toolsAutomate non-profit outreach via Salsa Engage — manage supporters, activities, and fundraising analytics with AI.