hasura-auth

customClaims provide option for default value

Open xmlking opened this issue 1 year ago • 8 comments

I am using customClaims where for some cases this session variable might be null. When I have permissions set up with {"org_id":{"_eq":"x-hasura-default-org"}}, when x-hasura-default-org is null, I will get an invalid input syntax for type uuid: \"null\" error.

[[auth.session.accessToken.customClaims]]
key = 'default-org'
value = 'defaultOrg'

Ask

As suggested in this hasura issue, provide an option to set a default value for customClaims, e.g.

[[auth.session.accessToken.customClaims]]
key = 'default-org'
value = 'defaultOrg'
default = '00000000-0000-0000-0000-000000000000'

https://github.com/hasura/graphql-engine/issues/5134

xmlking avatar Mar 01 '25 20:03 xmlking

This makes total sense to me, is this something you may be able to contribute?

dbarrosop avatar Mar 04 '25 09:03 dbarrosop

Sure, can you point me which files I should explore

xmlking avatar Mar 05 '25 07:03 xmlking

Unfortunately, because not all endpoints are migrated from node to go, we have to fix this in two places, so while the change is probably not too hard (famous last words), it probably requires a lot of changes.

For node, the magic happens here: https://github.com/nhost/hasura-auth/blob/main/src/utils/jwt/custom-claims.ts#L91

For go it is this file: https://github.com/nhost/hasura-auth/blob/main/go/controller/custom_claims.go

I think the first thing we need to consider is how to configure this. My main concern is that, the way the env var AUTH_JWT_CUSTOM_CLAIMS works now, it might be too difficult to change, so it might be easier to just add a second one, AUTH_JWT_CUSTOM_CLAIMS_DEFAULTS, that follows the same format but provides default values.

For instance:

AUTH_JWT_CUSTOM_CLAIMS={"organisation-id":"profile.organisation[].id", "project-ids":"profile.contributesTo[].project.id"}
# no need to match all the keys
AUTH_JWT_CUSTOM_CLAIMS_DEFAULTS={"organisation-id":"00000000-0000-0000-0000-000000000000"}

dbarrosop avatar Mar 06 '25 07:03 dbarrosop
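
The two-variable configuration proposed in the comment above, as an added example that is not hasura-auth code or code from this thread. The helper name `applyClaimDefaults` and the `resolved` map are hypothetical, and the example assumes claim values were already looked up, with nil meaning the path matched nothing.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// applyClaimDefaults (hypothetical helper) takes the AUTH_JWT_CUSTOM_CLAIMS JSON,
// the proposed AUTH_JWT_CUSTOM_CLAIMS_DEFAULTS JSON, and the values already
// resolved for one user; a nil or missing value falls back to the default.
func applyClaimDefaults(claimsJSON, defaultsJSON string, resolved map[string]any) (map[string]any, error) {
	var claims map[string]string
	if err := json.Unmarshal([]byte(claimsJSON), &claims); err != nil {
		return nil, fmt.Errorf("parsing custom claims: %w", err)
	}
	defaults := map[string]any{}
	if defaultsJSON != "" {
		if err := json.Unmarshal([]byte(defaultsJSON), &defaults); err != nil {
			return nil, fmt.Errorf("parsing custom claim defaults: %w", err)
		}
	}
	// A default for a key that is not a configured claim is likely a typo: reject it.
	for key := range defaults {
		if _, ok := claims[key]; !ok {
			return nil, fmt.Errorf("default for unknown custom claim %q", key)
		}
	}
	out := make(map[string]any, len(claims))
	for key := range claims {
		value, ok := resolved[key]
		if !ok || value == nil {
			value = defaults[key] // stays nil when no default is configured
		}
		out["x-hasura-"+key] = value
	}
	return out, nil
}

func main() {
	claims := `{"organisation-id":"profile.organisation[].id","project-ids":"profile.contributesTo[].project.id"}`
	defaults := `{"organisation-id":"00000000-0000-0000-0000-000000000000"}`
	// Constructed input: a user with one project and no organisation.
	resolved := map[string]any{"organisation-id": nil, "project-ids": []any{"p1"}}
	out, err := applyClaimDefaults(claims, defaults, resolved)
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
}
```

The default acts as a sentinel: a permission such as {"org_id":{"_eq":"x-hasura-default-org"}} then compares against the all-zero UUID, so no row should carry that id.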

Any feedback on using jsonPath struct to hold the default value?

What is the defaultValue type you recommend? *string or *any?

type jsonPath struct {
	path         string
	jpath        *jsonpath.JSONPath
	defaultValue *any
}

xmlking avatar Mar 06 '25 18:03 xmlking

That's probably a fine place. Regarding type, I think any is better in case there is a need to support other types (no need for a pointer as any can be a pointer already).

dbarrosop avatar Mar 06 '25 21:03 dbarrosop

Please review go implementation: https://github.com/nhost/hasura-auth/pull/614. Will work on node side next.

xmlking avatar Mar 07 '25 00:03 xmlking

Updated TS files to support default for Custom Claims.

xmlking avatar Mar 08 '25 18:03 xmlking

Opened new PR with pnpm audit --fix applied.

https://github.com/nhost/hasura-auth/pull/616

xmlking avatar Mar 14 '25 03:03 xmlking