Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
how to use as auth service with hasura
See original GitHub issue❓ Questions and Help
hi, this project is very nice~ now, i have deploy a standlone Hasura and also Supertokens with dockers. the Supertokens and Hasura works well. But i want to use Supertokens as auth service for Hasura through jwt or jws。 from docs of Hasura, hasura just work as a graphql api service, and apis are auth by jwt/jws with roles set in payload.
the logic i want to use is:
- set jwt payload required by hasura, at follow code in supertokens session feature.
sessionFeature: {
setJwtPayload: async (user, context, action) => {
// This is called post sign in and sign up
return {
'x-hasura-default-role': 'admin',
'x-hasura-allowed-roles': ['admin']
};
}
}
- request to hasura with jwt token at header
{
{
"type": "HS256", // what sine
"key": "my_long_secret",
"jwk_url": "<optional-url-to-refresh-jwks>",
"claims_namespace": "<optional-key-name-in-claims>",
"claims_namespace_path":"<optional-json-path-to-the-claims>",
"claims_format": "json|stringified_json",
"header": "<optional-key-to-indicate-cookie-or-authorization-header>"
}
}
- set hasura jwt settings
Issue Analytics
- State:
- Created 2 years ago
- Comments:8 (3 by maintainers)
Top Results From Across the Web
Authentication & Authorization | Hasura GraphQL Docs
For Authorization or Access Control, Hasura helps you define granular role-based access control rules for every field in your GraphQL schema (granular enough...
Read more >How to Add Authentication to Hasura - Nhost
Hasura Auth is an open-source service to handle authentication with Hasura. With Hasura Auth you can sign in users and manage roles. Hasura...
Read more >nhost/hasura-auth: Authentication for Hasura. - GitHub
Use Nhost to start using Hasura Auth in seconds. Using Docker-compose. git clone https://github.com/nhost/hasura-auth.git cd ...
Read more >Building custom authentication with Hasura Actions - YouTube
In today's show we'll look at the login actions for the Hasura Super App and talk about which behaviours could or should live...
Read more >Using Authorizer with Hasura - DEV Community
Hasura gives you instant GraphQL / Rest API on top of SQL databases like Postgres and MySQL. It takes away the pain of...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Hi @chenkaiC4 just a quick heads-up from integrating with Hasura, but because Supertokens has dynamic JWKs, it means that this setup won’t work with Hasura. You can disable the rotation of keys, but you’d be dropping out a strong security advantage of super tokens. So far the solution would be using a webhook to take full advantage of super tokens, but the downside is you have to keep a separate server for it, such as hasura-supertokens which I am a maintainer.
We have released an implementation of JWT which can be used to integrate with Hasura. Integration docs can be found here: https://supertokens.io/docs/thirdpartyemailpassword/hasura-integration/with-jwt
So closing this issue.