Using Authorizer with Hasura (opens in a new tab)

In this section you will learn how to integrate Authorizer (opens in a new tab) with your Hasura instance and have authorized GraphQL API ready for your application.

Step 1: Deploy Authorizer Instance

To integrate Authorizer with Hasura, you will need an Authorizer instance deployed on your infrastructure or 3rd party cloud services. You can deploy authorizer instance using following one click deployment options:

Infra provider	One-click link	Additional information
Railway.app	(opens in a new tab)	docs (opens in a new tab)
Heroku	(opens in a new tab)	docs (opens in a new tab)
Render	(opens in a new tab)	docs (opens in a new tab)

You can also deploy Authorizer instance using

Note: If you are trying out with one click deployment options like railway then template is configured in a way that it will also deploy postgres + redis for you. But if you are going with other deployment options required environment variables are DATABASE_TYPE & DATABASE_URL. You can also configure REDIS_URL to have persisted sessions. For more information check docs (opens in a new tab).

In case of Hasura, we need to have database type as postgres / mysql or the one that is supported by Hasura and connect that database with Authorizer instance via Database Environment Variables.

Step 2: Configure Authorizer instance

You can configure authorizer instance by opening the URL or IP address of the deployed instance. Recommended way is to configure sub-domain for your authorizer instance example, auth.yourdomain.com. You will see an authorizer dashboard where you can configure

Social media logins
JWT key & secrets
User roles
Whitelist domains
Company information
Features
Access Token data
SMTP server
Webhooks
Email templates

Also, you can invite the users and manage them from the dashboard itself.

Step 3: Setup Hasura Instance

Signup on https://cloud.hasura.io/ (opens in a new tab)
Create a project

Step 4: Configure Database with Hasura Instance

Open the dashboard of Hasura cloud and navigate to your project
Click on Launch Console on top right corner
Go to Data section and connect to your database

Example

Check the hasura docs (opens in a new tab) for more information.

Note: If you have used one click deployment option for authorizer you can get database URL from respective platform's env sections.

Step 5: Configure JWT token with Hasura

Open Authorizer Dashboard
Get the JWT Type and Secret / Public Key from JWT Secrets section
Open the Hasura dashboard and navigate to your project
Open settings and go to Env vars section

Add the following env variable to configure the JWT token

HASURA_GRAPHQL_JWT_SECRET: {"type": <JWT_TYPE>, "key": <JWT_KEY>}

Example

Note: In case of RSA and ECDSA JWT types only provide the public key in PEM encoded string format. You can get the JWT type and key from the authorizer dashboard under env variables section.

Check the hasura docs (opens in a new tab) for more information.

Step 6: Configure JWT token Authorization Script

In order for Hasura to authorize a user, JWT token needs to have specific keys, you can add those keys by modifying JWT token script in your Authorizer Dashboard.

Example:

function(user,tokenPayload) {
  var data = tokenPayload;
  data['https://hasura.io/jwt/claims'] = {
    'x-hasura-user-id': user.id,
    'x-hasura-default-role': tokenPayload.allowed_roles[0],
    'x-hasura-allowed-roles': user.roles
  }
 
  return data;
}

script-image

Once user login they will get a id_token in the response, this token should be used with Hasura queries as Authorization: Bearer ID_TOKEN. This will help in making Authorized requests.

You can configure access control for the various roles that your application needs from Hasura + Add / Update those roles from Authorizer dashboard

authorizer_roles

For more information on access control check Hasura docs (opens in a new tab)

You can also stitch Authorizer GraphQl Endpoint with Hasura Remote Schema, that way you can have single endpoint for all your GraphQL queries / mutations.

Gatsbyjs React Native