Closed Xetera closed 4 years ago
@Xetera This is how the authentication is handled:
The token is generated here. According to the Hasura documentation:
Authentication is handled outside of Hasura. Hasura delegates authentication and resolution of request headers into session variables to your authentication service (existing or new). Your authentication service is required to pass a user’s role information in the form of session variables like X-Hasura-Role, etc. More often than not, you’ll also need to pass user information for your access control use cases, like X-Hasura-User-Id, to build permission rules.
For each GraphQL request, this token is sent to the Hasura server via the headers. For more information, see the Authorization documentation.
@ghoshnirmalya I'm confused. It seems that the only thing you're passing to headers is the user id. I would expect you pass a jwt token in the Bearer header. Also it seems you are not using Hasura auth webhook either, so it looks like there's no auth setup here 🤔
@Xetera @dhmacs Thank you for pointing that out. Let me check and get back on this.
@Xetera @dhmacs I've merged https://github.com/ghoshnirmalya/nextjs-hasura-boilerplate/pull/34 which should resolve this issue. Right now, the Authorization header (with the JWT) is getting passed to the Hasura server. Hasura will decode the token and send data based on the permissions set on the model.
Please let me know if something is still missing/wrong. Again, thank you so much for pointing out such a big issue.
Maybe I missed something but I can't find anything on Hasura's side for authentication. I thought there would be a json string in docker-compose.yaml for the jwt auth setup but I couldn't find that in the repo
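The difference the thread turns on, as an added example that is not code from this repository or from Hasura: a bare user-id header can be set by any client, while session variables placed under the `https://hasura.io/jwt/claims` namespace of a signed JWT are only accepted when the signature matches the key configured in `HASURA_GRAPHQL_JWT_SECRET`. The function names and the key below are hypothetical, constructed values; Hasura performs the verification step itself once that variable is set.

```javascript
// Added example: HS256 JWT carrying Hasura session variables (constructed values).
const crypto = require("node:crypto");

// Same JSON shape Hasura reads from HASURA_GRAPHQL_JWT_SECRET; the key is a placeholder.
const JWT_SECRET = { type: "HS256", key: "constructed-demo-key-at-least-32-chars!" };
const CLAIMS_NS = "https://hasura.io/jwt/claims";

const b64url = (input) => Buffer.from(input).toString("base64url");
const hmac = (data, key) =>
  crypto.createHmac("sha256", key).update(data).digest("base64url");

// Auth-service side: the session variables go inside the signed payload.
function signToken(userId, role, key = JWT_SECRET.key, ttlSeconds = 3600) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({
    sub: userId, iat: now, exp: now + ttlSeconds,
    [CLAIMS_NS]: {
      "x-hasura-allowed-roles": [role],
      "x-hasura-default-role": role,
      "x-hasura-user-id": userId,
    },
  }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`, key)}`;
}

// Verifying side: check algorithm, signature and expiry before trusting any claim.
function verifyToken(token, key = JWT_SECRET.key) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  let head, body;
  try {
    head = JSON.parse(Buffer.from(header, "base64url").toString());
    body = JSON.parse(Buffer.from(payload, "base64url").toString());
  } catch { return null; }
  if (head?.alg !== JWT_SECRET.type) return null; // rejects "none" and algorithm swaps
  const expected = Buffer.from(hmac(`${header}.${payload}`, key));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof body?.exp !== "number" || body.exp <= Date.now() / 1000) return null;
  return body[CLAIMS_NS] ?? null;
}

// Test helper: change the user id in the payload without re-signing.
function tamperUserId(token, newId) {
  const [h, p, s] = token.split(".");
  const body = JSON.parse(Buffer.from(p, "base64url").toString());
  body[CLAIMS_NS]["x-hasura-user-id"] = newId;
  return `${h}.${b64url(JSON.stringify(body))}.${s}`;
}
```

A token whose user id was edited after signing, or that was signed with a different key, comes back as `null` from `verifyToken`, which is the property a plain header lacks.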