hasura / graphql-engine

Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
https://hasura.io
Apache License 2.0

Auth: Add support for selecting the db tenant via a JWT claim #8779

Open gstewart-aiwyn opened 2 years ago

gstewart-aiwyn commented 2 years ago

Is your proposal related to a problem?

We use a schema-per-tenant approach in PostgreSQL. Currently we have to use Apollo Client to modify the query by adding the correct tenant to the front of the query and then map the tenant claim in the JWT to a user which has access to the proper tables/views/actions for that tenant.

Describe the solution you'd like

It would be awesome if we could map the tenant claim in the token directly to a DB schema so that we didn't have to use Apollo Client to rewrite the query dynamically or map to a tenant-specific user.

If the feature is approved, would you be willing to submit a PR?

Yes, we would be willing to do the dev work if this feature is approved.
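An added example, not from this thread or from Hasura's code: one way a server could map a verified tenant claim to a schema name, resolving it through an allowlist so the claim value itself never reaches the SQL text. The claim name `tenant`, the HS256 shared secret, the tenant-to-schema table and every function name here are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, re

# Constructed values for this example (assumptions, not from the thread).
SECRET = b"constructed-demo-secret"
TENANT_CLAIM = "tenant"  # hypothetical claim name
TENANT_SCHEMAS = {"acme": "tenant_acme", "globex": "tenant_globex"}
IDENT_RE = re.compile(r"^[a-z_][a-z0-9_]{0,62}$")

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret=SECRET):
    """Build an HS256 JWT to serve as constructed sample input."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def verified_claims(token, secret=SECRET):
    """Return the claims only if alg is HS256 and the signature matches."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64url_decode(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        good = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _b64url_decode(sig)):
            raise ValueError("bad signature")
        return json.loads(_b64url_decode(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None

def schema_for(token):
    """Map the verified tenant claim to a schema through the allowlist."""
    claims = verified_claims(token)
    tenant = claims.get(TENANT_CLAIM) if isinstance(claims, dict) else None
    schema = TENANT_SCHEMAS.get(tenant) if isinstance(tenant, str) else None
    if schema is None or not IDENT_RE.match(schema):
        raise PermissionError("unknown tenant")
    return schema

def qualify(token, table):
    """Schema-qualify a table name; both parts are checked identifiers."""
    if not IDENT_RE.match(table):
        raise ValueError("bad table name")
    return f'"{schema_for(token)}"."{table}"'
```

The check covers only the signature and the tenant lookup; expiry and audience validation are outside what this example shows.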

ajohnson1200 commented 2 years ago

@rahulagarwal13 ☝️ this sounds like something that might be solved by the dynamic DB connection string work that your team is doing.

rahulagarwal13 commented 1 year ago

Thanks @gstewart-anduin for the feature request. We are currently working on a dynamic DB connection feature which is in alpha stage currently. Do you have a different schema per tenant? If not, we believe you can use the new feature for this use case. Here is the RFC for it. Can you please check and let us know if our solution will work for you and any other feedback you have for us?

gstewart-aiwyn commented 1 year ago

We do have a separate schema per tenant in our Postgres instance so this won't help us currently with that issue, which we currently have to work around with Apollo. This feature could be useful for us in the future if extended to BigQuery and possibly Postgres for other use cases besides tenancy.

On Fri, Dec 16, 2022 at 6:39 PM Rahul Agarwal @.***> wrote:

Thanks @gstewart-anduin https://github.com/gstewart-anduin for the feature request. We are currently working on a dynamic DB connection feature which is in alpha stage currently. Do you have a different schema per tenant? If not, we believe you can use the new feature for this use case. Here https://github.com/hasura/graphql-engine/pull/9310/files is the RFC for it. Can you please check and let us know if our solution will work for you and any other feedback you have for us?


tirumaraiselvan commented 1 year ago

Related to: https://github.com/hasura/graphql-engine/issues/3606