hasura / graphql-engine

Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
https://hasura.io
Apache License 2.0
31.14k stars 2.77k forks

Allow JWT from multiple locations #9065

Open andrewalex opened 2 years ago

andrewalex commented 2 years ago

Is your proposal related to a problem?

To add a little more security to my web applications, I'd like to make my JWTs HTTP-only cookies. This is currently possible by setting https://hasura.io/docs/latest/auth/authentication/jwt/#header

However, doing so would break all the other apps (mobile apps) currently using Authorization Headers.

Describe the solution you'd like

As described here, I'd like to be able to set an array of authentication options instead of a single object. https://hasura.io/docs/latest/auth/authentication/jwt/#header

header: [ {"type": "Authorization"}, {"type": "Cookie", "name": "cookie_name"} ]

Even more amazing would be to also allow {"type": "webhook", "url": "http://hasurarocks.io"}. This would likely require additional refactoring.

Describe alternatives you've considered

dsandip commented 2 years ago

@andrewalex additional info (from your chat in Discord) would be super helpful for the team to contextualise this ask!
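
The lookup the proposed `header` array implies, as an added Python example that is not part of the issue and not Hasura's code: each configured location is tried in order, and a request that carries different tokens in two locations is rejected. The function names, the `PROPOSED_LOCATIONS` constant and the conflict rule are assumptions made for illustration.

```python
# Added illustration, not Hasura code: a hypothetical resolver for the
# proposed `header` array. All names and the conflict rule are assumptions.

# The two locations from the proposal, tried in the order listed.
PROPOSED_LOCATIONS = [
    {"type": "Authorization"},
    {"type": "Cookie", "name": "cookie_name"},
]

class TokenLocationError(Exception):
    """The request carries a malformed or ambiguous token."""

def _from_authorization(headers):
    value = headers.get("authorization")
    if value is None:
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise TokenLocationError("malformed Authorization header")
    return token.strip()

def _from_cookie(headers, name):
    pairs = (p.partition("=") for p in headers.get("cookie", "").split(";"))
    found = [v.strip() for k, _, v in pairs if k.strip() == name]
    if len(found) > 1:
        raise TokenLocationError("cookie %r sent more than once" % name)
    return found[0] if found and found[0] else None

def extract_jwt(headers, locations=PROPOSED_LOCATIONS):
    """Return (location_type, token) or None; the token is still unverified
    and must pass signature and claim checks afterwards."""
    headers = {k.lower(): v for k, v in headers.items()}
    hits = []
    for loc in locations:
        if loc["type"] == "Authorization":
            token = _from_authorization(headers)
        elif loc["type"] == "Cookie":
            token = _from_cookie(headers, loc["name"])
        else:
            raise ValueError("unsupported location type: %r" % loc["type"])
        if token is not None:
            hits.append((loc["type"], token))
    # Assumed rule: two locations with different tokens is ambiguous, so
    # reject instead of silently preferring one identity over the other.
    if len({token for _, token in hits}) > 1:
        raise TokenLocationError("conflicting tokens in multiple locations")
    return hits[0] if hits else None
```

Returning the location type alongside the token lets the caller apply location-specific checks, such as CSRF protection for requests authenticated by cookie.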