• Integrations
  • Hasura

Using Authorizer with Hasura

In this section you will learn how to integrate Authorizer with your Hasura instance and have authorized GraphQL API ready for your application.

Step 1: Deploy Authorizer Instance

To integrate Authorizer with Hasura, you will need an Authorizer instance deployed on your infrastructure or 3rd party cloud services. You can deploy authorizer instance using following one click deployment options:

Infra providerOne-click linkAdditional information
Railway.appDeploy on Railwaydocs
HerokuDeploy to Herokudocs
Renderrender buttondocs


You can also deploy Authorizer instance using

Note: If you are trying out with one click deployment options like railway then template is configured in a way that it will also deploy postgres + redis for you. But if you are going with other deployment options required environment variables are DATABASE_TYPE & DATABASE_URL. You can also configure REDIS_URL to have persisted sessions. For more information check docs.

In case of Hasura, we need to have database type as postgres / mysql or the one that is supported by Hasura and connect that database with Authorizer instance via Database Environment Variables.

Step 2: Configure Authorizer instance

You can configure authorizer instance by opening the URL or IP address of the deployed instance. Recommended way is to configure sub-domain for your authorizer instance example, auth.yourdomain.com. You will see an authorizer dashboard where you can configure

  • Social media logins
  • JWT key & secrets
  • User roles
  • Whitelist domains
  • Company information
  • Features
  • Access Token data
  • SMTP server
  • Webhooks
  • Email templates

Also, you can invite the users and manage them from the dashboard itself.

Step 3: Setup Hasura Instance

Step 4: Configure Database with Hasura Instance

  • Open the dashboard of Hasura cloud and navigate to your project

  • Click on Launch Console on top right corner

  • Go to Data section and connect to your database

    Example hasura_db_conenction

Check the hasura docs for more information.

Note: If you have used one click deployment option for authorizer you can get database URL from respective platform's env sections.

Step 5: Configure JWT token with Hasura

  • Open Authorizer Dashboard

  • Get the JWT Type and Secret / Public Key from JWT Secrets section authorizer_jwt_config

  • Open the Hasura dashboard and navigate to your project

  • Open settings and go to Env vars section

  • Add the following env variable to configure the JWT token


    Example image

Note: In case of RSA and ECDSA JWT types only provide the public key in PEM encoded string format. You can get the JWT type and key from the authorizer dashboard under env variables section.

Check the hasura docs for more information.

Step 6: Configure JWT token Authorization Script

In order for Hasura to authorize a user, JWT token needs to have specific keys, you can add those keys by modifying JWT token script in your Authorizer Dashboard.


function(user,tokenPayload) {
  var data = tokenPayload;
  data['https://hasura.io/jwt/claims'] = {
    'x-hasura-user-id': user.id,
    'x-hasura-default-role': tokenPayload.allowed_roles[0],
    'x-hasura-allowed-roles': user.roles
  return data;


Once user login they will get a id_token in the response, this token should be used with Hasura queries as Authorization: Bearer ID_TOKEN. This will help in making Authorized requests.

You can configure access control for the various roles that your application needs from Hasura + Add / Update those roles from Authorizer dashboard


For more information on access control check Hasura docs

You can also stitch Authorizer GraphQl Endpoint with Hasura Remote Schema, that way you can have single endpoint for all your GraphQL queries / mutations.

Last updated on August 31, 2022