Hasura Auth

Authentication for Hasura

Core Features

• 🧑‍🤝‍🧑 Users are stored in Postgres and accessed via GraphQL
• 🔑 Multiple sign-in methods.
• ✨ Integrates with GraphQL and Hasura Permissions
• 🔐 JWT tokens and Refresh Tokens.
• ✉️ Emails sent on various operations
• ✅ Optional checking for Pwned Passwords.

Sign in methods

• Email and Password - simple email and password method.
• Email - also called passwordless email or magic link.
• SMS - also called passwordless sms.
• Anonymous - sign in users without any method. Anonymous users can be converted to regular users.
• OAuth providers: Facebook, Google, GitHub, Twitter, Apple, Azure AD, LinkedIn, Windows Live, Spotify, Strava, GitLab, BitBucket, Discord, WorkOS.
• Security keys with WebAuthn

Deploy Hasura Auth in Seconds

Use Nhost to start using Hasura Auth in seconds.

Using Docker-compose

git clone https://github.com/nhost/hasura-auth.git
cd hasura-auth
cp .env.example .env
docker-compose -f docker-compose-example.yaml up

Configuration

Read our configuration guide to customise the Hasura Auth settings.

Workflows

• Email and password
• Oauth social providers
• Passwordless with emails (magic links)
• Passwordless with SMS
• Anonymous users
• Change email
• Change password
• Reset password
• Refresh tokens
• Security keys with WebAuthn

JWT Signing

The JWT tokens can be signed with either a symmetric key based on HMAC-SHA or with asymmetric keys based on RSA. To configure the JWT signing method, set the environment variable HASURA_GRAPHQL_JWT_SECRET which should follow the same format as Hasura with a few considerations:

1. Only HS and RS algorithms are supported.
2. If using RS algorithm, the public key should be in PEM format.
3. If using RS algorithm, the private key should be in PKCS#8 format inside an extra field signing_key.
4. If using RS algorithm, an additional field kid can be added to specify the key id in the JWK Set.

When using asymmetric keys, you can get the JWK Set from the endpoing .well-known/jwks.json.

Recipes

• Extending Hasura's permissions with Custom JWT claims
• Extending the user schema

Reference

• List of the available environment variables.
• The service comes with an OpenAPI definition which you can also see online.
• Database Schema

🤝 Contributing

Contributions and issues are welcome. Please have a look at the developer's guide if you want to prepare a pull request.

Feel free to check the issues page.

Show your support

Give a ⭐️ if this project helped you!

📝 License

This project is MIT licensed.