search

nhost / hasura-auth

Authentication for Hasura.
https://nhost.io
MIT License
376 stars 111 forks source link

custom claims not working with JSONata array syntax #434

Closed xmlking closed 3 months ago

xmlking commented 9 months ago

I am using custom claims / AUTH_JWT_CUSTOM_CLAIMS As per this document, JSONata syntax should be supported.

This is Working

[[auth.session.accessToken.customClaims]]
key = 'org-id'
value = 'organizations[].organization'
{
  "https://hasura.io/jwt/claims": {
    "x-hasura-org-id": "{\"chinthagunta\",\"example\"}",
    "x-hasura-allowed-roles": [
      "me",
      "user",
      "manager"
    ],
    "x-hasura-default-role": "user",
    "x-hasura-user-id": "d3b12728-accf-4732-83ac-2e605341731c",
    "x-hasura-user-is-anonymous": "false"
  },
  "sub": "d3b12728-accf-4732-83ac-2e605341731c",
  "iat": 1699434443,
  "exp": 1699435343,
  "iss": "hasura-auth"
}

This is NOT Working

[[auth.session.accessToken.customClaims]]
key = 'org-id'
value = 'organizations[0].organization'
{
  "https://hasura.io/jwt/claims": {
    "x-hasura-allowed-roles": [
      "me",
      "user",
      "manager"
    ],
    "x-hasura-default-role": "user",
    "x-hasura-user-id": "d3b12728-accf-4732-83ac-2e605341731c",
    "x-hasura-user-is-anonymous": "false"
  },
  "sub": "d3b12728-accf-4732-83ac-2e605341731c",
  "iat": 1699434606,
  "exp": 1699435506,
  "iss": "hasura-auth"
}

hasura-auth logs

nhost-kit-auth-1  | {"level":"warn","message":"Invalid custom JWT GraphQL Query","request":"query ($userId: uuid!) { user (id: $userId) { organizations[0] { organization } } }"}
nhost-kit-auth-1  | {"level":"warn","message":"Invalid custom JWT GraphQL Query","request":"query ($userId: uuid!) { user (id: $userId) { organizations[0] { organization } } }"}
nhost-kit-auth-1  | {"level":"warn","message":"Invalid custom JWT GraphQL Query","request":"query ($userId: uuid!) { user (id: $userId) { organizations[0] { organization } } }
dbarrosop commented 9 months ago

You are right, that documentation needs to be updated to mention that only . and [] are supported, not the full spec.

dbarrosop commented 9 months ago

if you need to select only one in particular for some reason you can try adding a computed field and using that instead.

stale[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.