Using Authorizer with Hasura
Step 1: Deploy Authorizer instance
Deploy production ready Authorizer instance using one click deployment options available below
For more information check docs
Step 2: Setup Instance
- Open authorizer instance endpoint in browser
- Signup with a secure password
- Configure social logins / smtp server and other environment variables based on your needs
For more information please check docs
Step 3: Setup Hasura Instance
- Signup to https://cloud.hasura.io/
- Create a free tire project
Step 4: Configure Database with Hasura
- Open the hasura endpoint for your instance
- Open settings and go to Env vars section
- Add the following env variable to configure the database as that of authorizer
HASURA_GRAPHQL_DATABASE_URL: <AUTHORIZER_DATABASE_URL>
Example
Check the hasura docs for more information.
Note: If you have used single click deployment option for authorizer you can get database URL from respective platform's env sections.
Step 5: Configure JWT token with Hasura
- Open the hasura endpoint for your instance
- Open settings and go to Env vars section
- Add the following env variable to configure the JWT token
HASURA_GRAPHOL_JWT_SECRET: {"type": <JWT_TYPE>, "key": <JWT_KEY>}
Example
Note: In case of RSA and ECDSA JWT types only provide the public key in PEM encoded string format. You can get the JWT type and key from the authorizer dashboard under env variables section.
Check the hasura docs for more information.
Step 6: Configure JWT token Authorization Script
In order for Hasura to authorize a user, JWT token needs to have specific keys, you can add those keys by modifying JWT token script in your Authorizer Dashboard.
Example:
function(user,tokenPayload) { var data = tokenPayload; data['https://hasura.io/jwt/claims'] = { 'x-hasura-user-id': user.id, 'x-hasura-default-role': tokenPayload.allowed_roles[0], 'x-hasura-allowed-roles': user.roles } return data;}
Once user login they get id_token which should be used with hasura queries as Authorization: Bearer ID_TOKEN. This will help in making Authorized requests.
You can configure access control for various roles that your application needs. You can also configure same roles in your authorizer dashboard.
For more information on access control check hasura docs
You can also stitch Authorizer Graphql Endpoint with Hasura Remote Schema, that way you can have single endpoint for all your GraphQL queries / mutations.