Using Authorizer with Hasura
In this section you will learn how to integrate Authorizer with your Hasura instance and have authorized GraphQL API ready for your application.
Step 1: Deploy Authorizer Instance
To integrate Authorizer with Hasura, you will need an Authorizer instance deployed on your infrastructure or 3rd party cloud services. You can deploy authorizer instance using following one click deployment options:
| Infra provider | One-click link | Additional information |
|---|---|---|
| Railway.app |  | docs |
| Heroku |  | docs |
| Render |  | docs |
OR
You can also deploy Authorizer instance using
Note: If you are trying out with one click deployment options like railway then template is configured in a way that it will also deploy postgres + redis for you. But if you are going with other deployment options required environment variables are
DATABASE_TYPE&DATABASE_URL. You can also configureREDIS_URLto have persisted sessions. For more information check docs.
In case of Hasura, we need to have database type as postgres / mysql or the one that is supported by Hasura and connect that database with Authorizer instance via Database Environment Variables.
Step 2: Configure Authorizer instance
You can configure authorizer instance by opening the URL or IP address of the deployed instance. Recommended way is to configure sub-domain for your authorizer instance example, auth.yourdomain.com. You will see an authorizer dashboard where you can configure
- Social media logins
- JWT key & secrets
- User roles
- Whitelist domains
- Company information
- Features
- Access Token data
- SMTP server
- Webhooks
- Email templates
Also, you can invite the users and manage them from the dashboard itself.
Step 3: Setup Hasura Instance
- Signup on https://cloud.hasura.io/
- Create a project
Step 4: Configure Database with Hasura Instance
-
Open the dashboard of Hasura cloud and navigate to your project
-
Click on
Launch Consoleon top right corner -
Go to
Datasection and connect to your databaseExample
Check the hasura docs for more information.
Note: If you have used one click deployment option for authorizer you can get database URL from respective platform's env sections.
Step 5: Configure JWT token with Hasura
-
Open Authorizer Dashboard
-
Get the JWT Type and Secret / Public Key from
JWT Secretssection
-
Open the Hasura dashboard and navigate to your project
-
Open settings and go to
Env varssection -
Add the following env variable to configure the JWT token
HASURA_GRAPHQL_JWT_SECRET: {"type": <JWT_TYPE>, "key": <JWT_KEY>}Example
Note: In case of RSA and ECDSA JWT types only provide the public key in PEM encoded string format. You can get the JWT type and key from the authorizer dashboard under env variables section.
Check the hasura docs for more information.
Step 6: Configure JWT token Authorization Script
In order for Hasura to authorize a user, JWT token needs to have specific keys, you can add those keys by modifying JWT token script in your Authorizer Dashboard.
Example:
function(user,tokenPayload) {
var data = tokenPayload;
data['https://hasura.io/jwt/claims'] = {
'x-hasura-user-id': user.id,
'x-hasura-default-role': tokenPayload.allowed_roles[0],
'x-hasura-allowed-roles': user.roles
}
return data;
}
Once user login they will get a id_token in the response, this token should be used with Hasura queries as Authorization: Bearer ID_TOKEN. This will help in making Authorized requests.
You can configure access control for the various roles that your application needs from Hasura + Add / Update those roles from Authorizer dashboard
For more information on access control check Hasura docs
You can also stitch Authorizer GraphQl Endpoint with Hasura Remote Schema, that way you can have single endpoint for all your GraphQL queries / mutations.