hasura-auth icon indicating copy to clipboard operation
hasura-auth copied to clipboard
verified publisher icon nhost

custom claims not working with JSONata array syntax

Open xmlking opened this issue 2 years ago • 2 comments

I am using custom claims / AUTH_JWT_CUSTOM_CLAIMS As per this document, JSONata syntax should be supported.

This is Working

[[auth.session.accessToken.customClaims]]
key = 'org-id'
value = 'organizations[].organization'

{
  "https://hasura.io/jwt/claims": {
    "x-hasura-org-id": "{\"chinthagunta\",\"example\"}",
    "x-hasura-allowed-roles": [
      "me",
      "user",
      "manager"
    ],
    "x-hasura-default-role": "user",
    "x-hasura-user-id": "d3b12728-accf-4732-83ac-2e605341731c",
    "x-hasura-user-is-anonymous": "false"
  },
  "sub": "d3b12728-accf-4732-83ac-2e605341731c",
  "iat": 1699434443,
  "exp": 1699435343,
  "iss": "hasura-auth"
}

This is NOT Working

[[auth.session.accessToken.customClaims]]
key = 'org-id'
value = 'organizations[0].organization'

{
  "https://hasura.io/jwt/claims": {
    "x-hasura-allowed-roles": [
      "me",
      "user",
      "manager"
    ],
    "x-hasura-default-role": "user",
    "x-hasura-user-id": "d3b12728-accf-4732-83ac-2e605341731c",
    "x-hasura-user-is-anonymous": "false"
  },
  "sub": "d3b12728-accf-4732-83ac-2e605341731c",
  "iat": 1699434606,
  "exp": 1699435506,
  "iss": "hasura-auth"
}

hasura-auth logs

nhost-kit-auth-1  | {"level":"warn","message":"Invalid custom JWT GraphQL Query","request":"query ($userId: uuid!) { user (id: $userId) { organizations[0] { organization } } }"}
nhost-kit-auth-1  | {"level":"warn","message":"Invalid custom JWT GraphQL Query","request":"query ($userId: uuid!) { user (id: $userId) { organizations[0] { organization } } }"}
nhost-kit-auth-1  | {"level":"warn","message":"Invalid custom JWT GraphQL Query","request":"query ($userId: uuid!) { user (id: $userId) { organizations[0] { organization } } }

xmlking avatar Nov 08 '23 09:11 xmlking

You are right, that documentation needs to be updated to mention that only . and [] are supported, not the full spec.

dbarrosop avatar Nov 08 '23 10:11 dbarrosop

if you need to select only one in particular for some reason you can try adding a computed field and using that instead.

dbarrosop avatar Nov 08 '23 10:11 dbarrosop

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar May 06 '24 14:05 stale[bot]