Graphql-engine: HGE optional claims namespacing

Created on 3 Nov 2018 · 4 Comments · Source: hasura/graphql-engine

Hello!

I am using http://docs.identityserver.io (written in C#/.NET Core) and can't add namespaced claims (by design, claims can contain only string values in .NET — https://docs.microsoft.com/en-us/dotnet/api/system.security.claims.claim?view=netcore-2.1).
IdentityServer is a most popular auth solution in the .NET community!

I think by default HGE should use the root token namespace to find claims, and optionally a custom one.

All 4 comments

@aurokk We should find a way of supporting this asap. But also, in the meanwhile, perhaps you can also raise an issue with identityserver to support custom claims?

I think the names of the variables must begin with x-hasura-* for Hasura to differentiate between literals and variables in the permission rules. So we’ll need to figure that out too.

@aurokk can you add custom claims in the root namespace with identityserver? Stuff like allowed-roles?

@coco98
Yep, I can. IdentityServer supports custom claims, but a claim's value can only be a string (an array of strings is possible too). For example, this is a possible token payload:

{
  ...
  "sub": "1",
  "x-hasura-allowed-roles": ["user", "admin"],
  "x-hasura-role": "user"
  ...
}

In the .NET claims docs, Microsoft says
(https://docs.microsoft.com/en-us/dotnet/api/system.security.claims.claim?view=netcore-2.1):

The Value property contains the value of the claim. In order to reduce dependencies and simplify administration, in WIF the value of a claim is represented only as a string. For more complex value types, it is recommended that you use standard XML schema types to indicate how the value is meant to be serialized into and deserialized from a string.

But maybe IdentityServer can deserialize custom claim types before creating tokens. I'll ask them about it.

Question about complex types/namespaces and claims at IdentityServer's github: https://github.com/IdentityServer/IdentityServer4/issues/2774

Guys from IdS answered me that IdS can add complex objects in tokens. I tried — it works. I think we can close this issue, thank you.
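The lookup discussed in this thread, as an added example that is not part of the original issue and is not HGE's implementation: resolve the x-hasura-* claims from a namespaced object, from a namespaced JSON string (for issuers limited to string claim values), or from the token root, then check the active role against the allowed roles. The function name and the namespace constant are assumptions; the payload is assumed to come from a JWT whose signature has already been verified.

```python
import json

# Assumption: Hasura's default claims namespace key; the thread never spells it out.
DEFAULT_NAMESPACE = "https://hasura.io/jwt/claims"
PREFIX = "x-hasura-"


def extract_hasura_claims(payload, namespace=DEFAULT_NAMESPACE):
    """Pull x-hasura-* claims out of an already signature-verified JWT payload.

    Order: object under `namespace`, JSON string under `namespace`, then the
    token root (the fallback requested in the thread).
    """
    source = payload.get(namespace)
    if isinstance(source, str):
        # Issuers limited to string claim values serialise the object.
        try:
            source = json.loads(source)
        except json.JSONDecodeError as exc:
            raise ValueError("namespaced claim is not valid JSON") from exc
    if source is None:
        source = payload  # root-namespace fallback
    if not isinstance(source, dict):
        raise ValueError("claims container must be a JSON object")

    claims = {k: v for k, v in source.items() if k.startswith(PREFIX)}

    allowed = claims.get("x-hasura-allowed-roles")
    if isinstance(allowed, str):
        allowed = [allowed]  # assumption: a one-item list may arrive as a bare string
    if not isinstance(allowed, list) or not all(isinstance(r, str) for r in allowed):
        raise ValueError("x-hasura-allowed-roles must be a list of strings")
    claims["x-hasura-allowed-roles"] = allowed

    # Reject a token whose active role is not one the issuer allowed.
    if claims.get("x-hasura-role") not in allowed:
        raise ValueError("x-hasura-role is not among x-hasura-allowed-roles")
    return claims


if __name__ == "__main__":
    # Constructed sample: the root-level payload shape posted in the thread.
    root = {"sub": "1", "x-hasura-allowed-roles": ["user", "admin"],
            "x-hasura-role": "user"}
    print(extract_hasura_claims(root))
```
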
