Open wolfgangwalther opened 6 months ago
I would like to give users who don't have a role claim but do have a valid unexpired id_token access to postgrest without having to grant access to anonymous users.
I can see how it makes sense to make a difference between those.
The idea would be to have something like a db-noclaim-role configuration parameter that would be used to assign a role to users who have a valid unexpired id_token jwt but don't have a claim that matches the path defined in jwt-role-claim-key.
Maybe something like db-authenticated-fallback-role or so? That would match db-anon-role a bit.
@wolfgangwalther db-authenticated-fallback-role sounds good to me, is there anyone else's input that is needed or should I go ahead and start working on this based on the description provided?
@steve-chavez WDYT?
Discussed in https://github.com/PostgREST/postgrest/discussions/3366
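The role selection proposed in this thread, as an added sketch that is not PostgREST code and was not posted by any participant. Assumptions: db-authenticated-fallback-role is only the name proposed above and not an existing setting, role-claim-path is a simplified list form of jwt-role-claim-key, a role-less valid token is assumed to fall back to db-anon-role when no fallback role is set, and the tokens are constructed HS256 samples.

```python
import base64, hashlib, hmac, json, time

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _sign(msg, secret):
    return hmac.new(secret, msg.encode(), hashlib.sha256).digest()

def make_token(claims, secret):
    """Build a constructed HS256 sample token (for the demo only)."""
    msg = _b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64e(json.dumps(claims).encode())
    return msg + "." + _b64e(_sign(msg, secret))

def verify(token, secret, now):
    """Return the claims of a valid, unexpired HS256 token; raise ValueError otherwise."""
    head, body, sig = token.split(".")  # ValueError if not exactly three parts
    header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    if not hmac.compare_digest(_sign(head + "." + body, secret), _b64d(sig)):
        raise ValueError("bad signature")
    if not isinstance(claims, dict):
        raise ValueError("claims are not an object")
    exp = claims.get("exp")
    if exp is not None and not (isinstance(exp, (int, float)) and exp > now):
        raise ValueError("expired")
    return claims

def resolve_role(token, cfg, now=None):
    """Pick the database role for a request; None means the request is rejected."""
    if token is None:
        # No token at all: only the anonymous role (if configured) applies.
        return cfg.get("db-anon-role")
    # An invalid or expired token raises here and never reaches the fallback role.
    claims = verify(token, cfg["jwt-secret"], time.time() if now is None else now)
    node = claims
    for key in cfg["role-claim-path"]:
        node = node.get(key) if isinstance(node, dict) else None
    if isinstance(node, str) and node:
        return node
    # Valid token without a role claim: proposed fallback, else anon (assumed).
    return cfg.get("db-authenticated-fallback-role") or cfg.get("db-anon-role")
```

With the fallback role set and db-anon-role left unset, a request without a token gets no role while a valid token lacking the role claim still gets one, which is the separation asked for in the issue.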