You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are looking to integrate Hasura into our new infrastructure.
Setup
In our app(s) a user can be part of multiple tenants and have different roles in each tenant.
When issuing the JWT token over the OIDC provider, the tenant details are stored in the JWT as a custom claim.
As we do not know which resource from which tenant the user wants to access at the time of token issuance, we store all tenant details in the JWT token and extract the details upon request.
While we have not settled on the exact format on how we store the tenant details in the JWT token, we currently looking at the following format:
When a user wants to access a protected resource, we extract the details from the request URL and match it against the JWT details to decide on the action.
URL format:
<app-id>.domain.com/<tenant-id>/<resource>
So when a user wants to access app1.domain.com/tenant1/dashboard, we are matching the app-id (app1) and tenant-id (tenant1) from the URL to the JWT and extract the details.
Hasura
It would be ideal if we could not use a custom web hook to map the JWT details into the Hasura-accepted format to increase performance and cut on latency.
What ideas do you have to implement such a use-case?
Just some things that would come to my mind:
Extend Hasura claims to allow mappings from a predefined array format.
Introduce a mapping / scripting language on how a mapping can be scripted within Hasura, similar to https://auth0.com/docs/hooks
We are open to change the method on regard how we extract the JWT and access details.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi all 👋🏼
We are looking to integrate Hasura into our new infrastructure.
Setup
While we have not settled on the exact format on how we store the tenant details in the JWT token, we currently looking at the following format:
{ "tenant_details": [ "app1::tenant1::admin::pro::active", "app1::tenant2::guest::free::in_trial" ] }When a user wants to access a protected resource, we extract the details from the request URL and match it against the JWT details to decide on the action.
URL format:
So when a user wants to access
app1.domain.com/tenant1/dashboard, we are matching the app-id (app1) and tenant-id (tenant1) from the URL to the JWT and extract the details.Hasura
It would be ideal if we could not use a custom web hook to map the JWT details into the Hasura-accepted format to increase performance and cut on latency.
What ideas do you have to implement such a use-case?
Just some things that would come to my mind:
We are open to change the method on regard how we extract the JWT and access details.
Kind regards
Beta Was this translation helpful? Give feedback.
All reactions