这是indexloc提供的服务,不要输入任何密码
Skip to content

add config for stringified hasura claims in JWT (fix #1176) #1538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 5, 2019
Merged

add config for stringified hasura claims in JWT (fix #1176) #1538

merged 4 commits into from
Feb 5, 2019

Conversation

@ecthiender
Copy link
Contributor

@ecthiender ecthiender commented Jan 31, 2019
edited by dsandip
Loading

Add support for AWS Cognito JWT

Add config option (claims_format) to indicate if the hasura specific claims in JWT are stringified.
This is required, as some providers like AWS Cognito allow only strings in custom claims.

Default : json.

When stringified_json, Hasura will expect stringified hasura claims:

  {
    "sub": "1234567890",
    "name": "John Doe",
    "admin": true,
    "iat": 1516239022,
    "https://hasura.io/jwt/claims": "{\"x-hasura-allowed-roles\":[\"editor\",\"user\",\"mod\"],\"x-hasura-default-role\":\"user\",\"x-hasura-user-id\":\"1234567890\",\"x-hasura-org-id\":\"123\",\"x-hasura-custom\":\"custom-value\"}"
  }

What component does this PR affect?

  • Server
  • Console
  • CLI
  • Docs
  • Community Content
  • Build System

Requires changes from other components? If yes, please mark the components:

  • Server
  • Console
  • CLI
  • Docs
  • Community Content
  • Build System

Related Issue

#1176

Solution and Design

Type

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Docs update
  • Community content

Checklist:

  • I have read the contributing guide and my code conforms to the guidelines.
  • This change requires a change in the documentation.
  • I have updated the documentation accordingly.
  • I have added required tests.

@ecthiender
add config for stringified hasura claims in JWT (fix #1176)
2855566 
  this is required, as some providers like AWS Cognito allows only
  strings in custom claims.
@ecthiender ecthiender added the c/server Related to server label Jan 31, 2019
@ecthiender ecthiender self-assigned this Jan 31, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Jan 31, 2019

Review app for commit 2855566 deployed to Heroku: https://hge-ci-pull-1538.herokuapp.com
Docker image for server: hasura/graphql-engine:pull1538-2855566

@ecthiender ecthiender requested review from 0x777 and nizar-m January 31, 2019 13:13
0x777
0x777 reviewed Feb 5, 2019
View reviewed changes
docs/graphql/manual/auth/jwt.rst Outdated
"jwk_url": "<optional-url-to-refresh-jwks>",
"claims_namespace": "<optional-key-name-in-claims>"
"claims_namespace": "<optional-key-name-in-claims>",
"is_stringified": <optional-boolean>
Copy link
Member

@0x777 0x777 Feb 5, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

claims_are_stringified_json?

Copy link
Member

@0x777 0x777 Feb 5, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or claims_format? can be one of json/stringified_json. The default can be json.

0x777
0x777 reviewed Feb 5, 2019
View reviewed changes
server/src-lib/Hasura/Server/Auth/JWT.hs Outdated

validateIsObject jVal =
parseObjectFromString isStrngfd jVal =
case jVal of
Copy link
Member

@0x777 0x777 Feb 5, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

case (isStrngFd, jVal) of 
  (True, String x)   -> string parsing logic
  (True, _) -> "expecting a string when the format is stringified_json"
  (False, Object o) -> return o
  (False, _) -> "expecting a json object when the format is json"

Something along those lines. More readable.

0x777
0x777 reviewed Feb 5, 2019
View reviewed changes
server/src-lib/Hasura/Server/Auth/JWT.hs Outdated
(JCFJson, _) ->
throw400 JWTInvalidClaims "expecting a json object when claims_format is json"

strngfdErr = "Could not parse JSON string under: '"
Copy link
Member

@0x777 0x777 Feb 5, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something simpler like: "expecting stringified json at" <> loc <> "but found: " <> v?

0x777
0x777 reviewed Feb 5, 2019
View reviewed changes
server/src-lib/Hasura/Server/Auth/JWT.hs Outdated
instance Show JWTCtx where
show (JWTCtx _ nsM audM) =
show ["<IORef JWKSet>", show nsM, show audM]
show (JWTCtx _ nsM audM strfd) =
Copy link
Member

@0x777 0x777 Feb 5, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove references to strfd, isstrngfd?

@0x777 0x777 merged commit 4f6462e into hasura:master Feb 5, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Feb 5, 2019

Review app https://hge-ci-pull-1538.herokuapp.com is deleted

hasura-bot pushed a commit that referenced this pull request Jan 21, 2025
@danieljharvey @hasura-bot
Basic relationships to model aggregates (#1538)
c69fa24 
<!-- The PR description should answer 2 important questions: -->

### What

Fix relationships to model aggregates

V3_GIT_ORIGIN_REV_ID: e00c5d382f3429447920b41bb2854a8a88d0ac1a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0x777 0x777 0x777 approved these changes

@nizar-m nizar-m Awaiting requested review from nizar-m

Assignees

@ecthiender ecthiender

Labels

c/server Related to server

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ecthiender @hasura-bot @0x777