Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

customClaims provide option for default value #610

Open
xmlking opened this issue Mar 1, 2025 · 7 comments
Open

customClaims provide option for default value #610

xmlking opened this issue Mar 1, 2025 · 7 comments

Comments

@xmlking
Copy link
Contributor

xmlking commented Mar 1, 2025
edited
Loading

I am using customClaims where for some cases this session variable might be null.
when I have permissions setup with {"org_id":{"_eq":"x-hasura-default-org"}}, when x-hasura-default-org is null, I will get invalid input syntax for type uuid: \"null\" error

[[auth.session.accessToken.customClaims]]
key = 'default-org'
value = 'defaultOrg'
Image

Ask

as suggested in this hasura issue, provide option to set default value for customClaims e.g.

[[auth.session.accessToken.customClaims]]
key = 'default-org'
value = 'defaultOrg'
defalt = '00000000-0000-0000-0000-000000000000'

hasura/graphql-engine#5134
@xmlking xmlking reopened this Mar 1, 2025
@dbarrosop
Copy link
Member

This makes total sense to me, is this something you may be able to contribute?

@xmlking
Copy link
Contributor Author

xmlking commented Mar 5, 2025

Sure, can you point me which files I should explore

@dbarrosop
Copy link
Member

dbarrosop commented Mar 6, 2025
edited
Loading

Unfortunately because not all endpoints are migrated from node to go we have to fix this in two places so while the change is probably not too hard (famous last words), it probably requires a lot of changes.

For node, the magic happens here: https://github.com/nhost/hasura-auth/blob/main/src/utils/jwt/custom-claims.ts#L91

For gi it is this file: https://github.com/nhost/hasura-auth/blob/main/go/controller/custom_claims.go

I think the first thing we need to consider is how to configure this. My main concern is that the way that the env var AUTH_JWT_CUSTOM_CLAIMS works now it might be too difficult to change so it might be easier to just add a second one AUTH_JWT_CUSTOM_CLAIMS_DEFAULTS that follows the same format but provides default values.

For isntance:

AUTH_JWT_CUSTOM_CLAIMS={"organisation-id":"profile.organisation[].id", "project-ids":"profile.contributesTo[].project.id"}
# no need to match all the keys
AUTH_JWT_CUSTOM_CLAIMS_DEFAULTS={"organisation-id":"00000000-0000-0000-0000-000000000000"}

@xmlking
Copy link
Contributor Author

xmlking commented Mar 6, 2025

any feedback on using jsonPath struct to hold the default value?

What is the defaultValue type you recommend ? *string or *any ?

type jsonPath struct {
	path  string
	jpath *jsonpath.JSONPath
        defaultValue *any
}

@dbarrosop
Copy link
Member

that's probably a fine place. Regarding type, I think any is better in case there is need to support other types (no need for a pointer as any can be a pointer already)

xmlking added a commit to xmlking/hasura-auth that referenced this issue Mar 7, 2025
@xmlking
feat: w.i.p: add defaults for customClaims nhost#610
47a5b22
@xmlking
Copy link
Contributor Author

xmlking commented Mar 7, 2025

please review go implementation #614
will work on node side next

@xmlking
Copy link
Contributor Author

xmlking commented Mar 8, 2025

updated TS files to support default for Custom Claims

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xmlking @dbarrosop