search

hasura / nodejs-graphql-subscriptions-boilerplate

Boilerplate to setup GraphQL subscriptions in your nodejs code
https://hasura.io
MIT License
80 stars 9 forks source link

Cannot set up role based access to data with Firebase JWT #7

Closed Rigel772 closed 3 years ago

Rigel772 commented 3 years ago

Following the documentation for Firebase have set Heroku Config Var:

{
    "type":"RS256",
    "jwk_url": "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",
    "audience": "geosystem-2021",
    "issuer": "https://securetoken.google.com/geosystem-2021"
}

And sending from Apollo Client Header:

'Authorization': `Bearer ${token}`

The token contains correct claims:

"https://hasura.io/jwt/claims": {
    "x-hasura-default-role": "biuro",
    "x-hasura-allowed-roles": [
      "biuro"
    ],
    "x-hasura-user-id": "ytBVYInCbCghON3Xv4gXUq9iXsn1"
  },

And still on Hasura API Explorer with selected header : Authorization Bearer oad098sadTOKEN_HERE getting error:

x-hasura-admin-secret/x-hasura-access-key required, but not found

on client:

Unhandled Rejection (Error): x-hasura-admin-secret/x-hasura-access-key required, but not found

With x-hasura-admin-secret everything is working fine but all tables are available, not the ones meant for my user role... What am I missing? Thanks

Rigel772 commented 3 years ago

Problem solved! The Config var should be set in Hasura not Heroku