safetrustcr / Backend

Supports a decentralized platform for secure and trusted P2P cryptocurrency transactions.

Create Authorization Flow in Hasura #12

Closed sotoJ24 closed 6 days ago

sotoJ24 commented 6 days ago

Description
Implement an authorization flow in Hasura to enforce fine-grained access control based on user roles and permissions. The flow will leverage Hasura's role-based permissions system to control access to database tables and operations based on the user's role, as defined in the JWT tokens issued by Firebase Authentication.

Problem
The system requires a robust authorization mechanism to:

Requirements

  1. Define Roles:

    • Define roles in the roles table (e.g., admin, editor, viewer).
    • Set up corresponding role-based rules in Hasura.
  2. Permissions Configuration in Hasura:

    • Configure permissions for each table and operation (SELECT, INSERT, UPDATE, DELETE) based on user roles.
    • Use Hasura’s role-based permission editor to specify rules such as:
      • admin has full access to all tables.
      • editor can modify content but not manage users.
      • viewer has read-only access to specific resources.
  3. JWT Claims Mapping:

    • Ensure Hasura maps roles from Firebase JWT claims to enforce role-based permissions.
    • Validate that custom claims in the JWT tokens are properly parsed and applied.
  4. Testing and Validation:

    • Test the authorization flow for different user roles using the Hasura GraphQL API.
    • Validate that unauthorized requests are correctly rejected.

Hasura https://hasura.io/

Firebase https://firebase.google.com/

GraphQL https://graphql.org/
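The following is an added worked example (not code from this issue, the safetrustcr/Backend project, or Hasura itself) that models the three pieces the requirements above call for: the namespaced `https://hasura.io/jwt/claims` custom claims Hasura reads from a Firebase-issued JWT, the role resolution between `x-hasura-default-role`, `x-hasura-allowed-roles` and a client-supplied `x-hasura-role`, and per-table, per-operation permission rules in the shape Hasura exports to its metadata. The `users` table is the one the issue mentions; the `listings` table, the column names, the user ids and the project id are constructed placeholders. Token signature verification is assumed to have already happened, since Hasura does it using `HASURA_GRAPHQL_JWT_SECRET` before any of this logic runs.

```python
"""Model of how Hasura turns Firebase JWT custom claims into a session role and
then applies per-table, per-operation permission rules. Added illustration for
this issue; it is not Hasura's code or the safetrustcr/Backend code."""
from __future__ import annotations
from typing import Any, Optional

# Hasura reads its session variables from this namespaced claim in the JWT.
HASURA_NS = "https://hasura.io/jwt/claims"


def make_token(uid: str, default_role: str, allowed_roles: list[str]) -> dict[str, Any]:
    """Constructed sample of an already *verified* Firebase ID token payload
    (signature, issuer and audience checks assumed done by Hasura)."""
    return {
        "iss": "https://securetoken.google.com/example-project",  # placeholder project id
        "sub": uid,
        HASURA_NS: {
            "x-hasura-default-role": default_role,
            "x-hasura-allowed-roles": allowed_roles,
            "x-hasura-user-id": uid,
        },
    }


EDITOR_TOKEN = make_token("uid-editor-001", "editor", ["editor", "viewer"])  # constructed
VIEWER_TOKEN = make_token("uid-viewer-002", "viewer", ["viewer"])            # constructed

# Permission rules in the shape of exported Hasura metadata (tables/*.yaml).
# "*" = every column; filter {} = every row; a filter naming a session variable
# restricts rows to the caller. The reserved admin role is not listed because
# Hasura grants it full access without configured rules.
PERMISSIONS: dict[str, dict[str, list[dict[str, Any]]]] = {
    "users": {  # editors may read only their own row; only admin manages users
        "select_permissions": [
            {"role": "editor", "permission": {
                "columns": ["id", "display_name"],
                "filter": {"id": {"_eq": "X-Hasura-User-Id"}}}},
        ],
    },
    "listings": {  # constructed content table: editors modify, viewers read public rows
        "select_permissions": [
            {"role": "editor", "permission": {"columns": "*", "filter": {}}},
            {"role": "viewer", "permission": {
                "columns": ["id", "title", "price"],
                "filter": {"is_public": {"_eq": True}}}},
        ],
        "insert_permissions": [
            {"role": "editor", "permission": {
                "columns": "*", "check": {"owner_id": {"_eq": "X-Hasura-User-Id"}}}},
        ],
        "update_permissions": [
            {"role": "editor", "permission": {
                "columns": ["title", "price"],
                "filter": {"owner_id": {"_eq": "X-Hasura-User-Id"}}}},
        ],
    },
}


class AuthorizationError(Exception):
    """Raised where Hasura would answer with a permission/authorization error."""


def resolve_session(token: dict[str, Any], requested_role: Optional[str] = None) -> dict[str, str]:
    """Mirror Hasura's role resolution: validate the namespaced claims and pick
    the effective role (an explicit x-hasura-role header, else the default)."""
    claims = token.get(HASURA_NS)
    if not isinstance(claims, dict):
        raise AuthorizationError("JWT has no Hasura claims namespace")
    allowed = claims.get("x-hasura-allowed-roles")
    default = claims.get("x-hasura-default-role")
    if not isinstance(allowed, list) or default not in allowed:
        raise AuthorizationError("x-hasura-default-role must appear in x-hasura-allowed-roles")
    role = requested_role or default
    if role not in allowed:  # a client cannot escalate by sending x-hasura-role: admin
        raise AuthorizationError(f"role {role!r} not in allowed roles {allowed}")
    return {"x-hasura-role": role, "x-hasura-user-id": str(claims.get("x-hasura-user-id", ""))}


def authorize(token, table, operation, columns=(), requested_role=None) -> dict[str, Any]:
    """Return the permission applying to (role, table, operation) or raise.
    `columns` are the columns the GraphQL operation touches."""
    session = resolve_session(token, requested_role)
    role = session["x-hasura-role"]
    if role == "admin":  # Hasura's reserved admin role bypasses permission rules
        return {"role": role, "columns": "*", "filter": {}}
    if operation not in ("select", "insert", "update", "delete"):
        raise AuthorizationError(f"unknown operation {operation!r}")
    rules = PERMISSIONS.get(table, {}).get(f"{operation}_permissions", [])
    perm = next((r["permission"] for r in rules if r["role"] == role), None)
    if perm is None:  # no rule for this role means denied, Hasura's default
        raise AuthorizationError(f"{role} may not {operation} on {table}")
    allowed_cols = perm.get("columns", [])
    if allowed_cols != "*":
        denied = [c for c in columns if c not in allowed_cols]
        if denied:
            raise AuthorizationError(f"{role} may not access columns {denied} on {table}")
    # Substitute the session variable into the row filter/check, as Hasura does.
    row_filter = {col: {op: (session["x-hasura-user-id"] if v == "X-Hasura-User-Id" else v)
                        for op, v in cond.items()}
                  for col, cond in perm.get("filter", perm.get("check", {})).items()}
    return {"role": role, "columns": allowed_cols, "filter": row_filter}


def is_allowed(token, table, operation, columns=(), requested_role=None) -> bool:
    """Boolean form of authorize(), convenient for validation runs."""
    try:
        authorize(token, table, operation, columns, requested_role)
        return True
    except AuthorizationError:
        return False
```

The two checks in `resolve_session` are the ones worth reproducing in a real test suite against the Hasura GraphQL API: a token whose default role is missing from its allowed roles must be rejected outright, and a request header `x-hasura-role: admin` sent with an editor's token must fail rather than elevate the caller. Everything after that is table data, so the role matrix in the issue (admin full access, editor modifies content but not users, viewer read-only on specific resources) can be checked operation by operation.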