I have a JWT token which looks like
{
  "aud": "xx",
  "iss": "http://xx.com/adfs/services/trust",
  "iat": 1649956864,
  "exp": 1649960464,
  "apptype": "xx",
  "appid": "dcf6c0d8-7f3c-4904-a0c9-852c92c7624f",
  "authmethod": "http://xx",
  "auth_time": "2022-04-14T17:21:04.095Z",
  "ver": "1.0"
}
I am trying to map appid into the x-hasura-allowed-roles field as an item of an array by using claims_map in Hasura.
HASURA_GRAPHQL_JWT_SECRET: '{"jwk_url":"xx","claims_map":{"x-hasura-allowed-roles":{"path":"$.appid"},"x-hasura-default-role":{"path":"$.appid"}}}'
Note this part inside:
"x-hasura-allowed-roles":{"path":"$.appid"}
I will get this error when I query
invalid x-hasura-allowed-roles; should be a list of roles: parsing [] failed, expected Array, but encountered String
which makes sense, because x-hasura-allowed-roles needs to be an array.
If I change to
"x-hasura-allowed-roles":[{"path":"$.appid"}]
When I start Hasura, I will get the error
Fatal Error:- Environment variable HASURA_GRAPHQL_JWT_SECRET: Error in $['claims_map'][0]: parsing String failed, expected String, but encountered Object
"x-hasura-allowed-roles":{"path":["$.appid"]}
Fatal Error:- Environment variable HASURA_GRAPHQL_JWT_SECRET: Error in $['claims_map'].path: parsing Text failed, expected String, but encountered Array
How can I map it correctly to make the x-hasura-allowed-roles field an array? Thanks
@Arjun Yelamanchili helped create a GitHub ticket at https://github.com/hasura/graphql-engine/issues/8402
Here is a temporary solution: I ended up hardcoding x-hasura-allowed-roles like
HASURA_GRAPHQL_JWT_SECRET: '{"jwk_url":"xx","claims_map":{"x-hasura-allowed-roles":["dcf6c0d8-7f3c-4904-a0c9-852c92c7624f"],"x-hasura-default-role":{"path":"$.appid"}}}'
It is more strict.
However, I feel it might not be necessary, as we will define each appid's permissions in the Hasura UI. Also, I need to update HASURA_GRAPHQL_JWT_SECRET each time I onboard a new app.
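
Because the hardcoded allow-list has to be regenerated for every onboarded app, here is an added example (not part of the original answer and not Hasura's code) that renders the HASURA_GRAPHQL_JWT_SECRET value from a list of app IDs and checks a decoded token against it before deployment. The function names, the '$.key'-only path handling and the default-role-in-allow-list check are assumptions of this sketch, a simplified local model of claims_map resolution.

```python
import json

# Constructed sample: the decoded payload from the question, trimmed.
SAMPLE_CLAIMS = {
    "aud": "xx",
    "iss": "http://xx.com/adfs/services/trust",
    "appid": "dcf6c0d8-7f3c-4904-a0c9-852c92c7624f",
}


def build_jwt_secret(jwk_url, allowed_app_ids):
    """Render the env var value with a literal allow-list, as in the answer."""
    if not allowed_app_ids or not all(isinstance(a, str) and a for a in allowed_app_ids):
        raise ValueError("allowed_app_ids must be a non-empty list of strings")
    return json.dumps({
        "jwk_url": jwk_url,
        "claims_map": {
            "x-hasura-allowed-roles": sorted(set(allowed_app_ids)),
            "x-hasura-default-role": {"path": "$.appid"},
        },
    }, separators=(",", ":"))


def resolve(entry, claims):
    """Assumed model: literals pass through; only top-level '$.key' paths."""
    if isinstance(entry, dict) and "path" in entry:
        path = entry["path"]
        if not path.startswith("$.") or "." in path[2:]:
            raise ValueError(f"unsupported path in this sketch: {path}")
        return claims.get(path[2:], entry.get("default"))
    return entry


def check_token(jwt_secret, claims):
    """Return (ok, reason) for already-verified claims under this config."""
    cmap = json.loads(jwt_secret)["claims_map"]
    allowed = resolve(cmap["x-hasura-allowed-roles"], claims)
    default = resolve(cmap["x-hasura-default-role"], claims)
    if not isinstance(allowed, list):
        # Same shape problem as the "expected Array, but encountered String" error.
        return False, f"allowed-roles resolved to {type(allowed).__name__}, not a list"
    if not isinstance(default, str):
        return False, "default role missing or not a string"
    if default not in allowed:
        # Local check: an appid that was never onboarded gets no role.
        return False, f"role {default!r} is not in the allow-list"
    return True, "ok"
```

Running check_token against the original path-based mapping reproduces the shape mismatch locally, and running it with a token from an app that is not in the list shows what the stricter configuration rejects.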