Details:
Currently, auth/user management is delegated to a preferred choice of external auth service. A simple self-managed service could be a username/password-based service on the same Postgres database as Hasura.
The service should have the following APIs:
1) /register : Register a user using username and password.
2) /login: Check creds and return an auth token.
3) /resolve: Get auth token (from header), resolve it and return X-Hasura-User-Id and X-Hasura-Allowed-Roles
Deployment instructions:
1) A migrations script (for required tables) should be included.
2) A simple way to deploy on (any) cloud should be included.
There are some community initiatives on GitHub:
https://github.com/elitan/hasura-backend-plus
https://github.com/DevSpeak/hasura-simple-auth
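The three endpoints and the migration described above, as an added illustration that is not part of this issue or of any of the linked repositories. It is a pure-Python sketch (standard library only) of what a /register, /login and /resolve handler would do, with an in-memory store standing in for the two Postgres tables; the table layout, the PBKDF2 password hashing, the opaque bearer tokens and the one-hour token lifetime are all assumptions. It also returns X-Hasura-Role alongside the two variables the issue names, since Hasura's webhook mode expects a current role in the response.

```python
"""Sketch of a username/password auth service for Hasura's webhook mode."""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass, field

# Constructed migration for the two tables the service needs (assumed layout).
MIGRATION_SQL = """
CREATE TABLE IF NOT EXISTS auth_users (
    id            SERIAL PRIMARY KEY,
    username      TEXT UNIQUE NOT NULL,
    password_salt BYTEA NOT NULL,
    password_hash BYTEA NOT NULL,
    roles         TEXT[] NOT NULL DEFAULT ARRAY['user']
);
CREATE TABLE IF NOT EXISTS auth_tokens (
    token_hash TEXT PRIMARY KEY,
    user_id    INTEGER NOT NULL REFERENCES auth_users(id) ON DELETE CASCADE,
    expires_at BIGINT NOT NULL
);
"""

PBKDF2_ITERATIONS = 200_000      # assumed work factor
TOKEN_TTL_SECONDS = 3600         # assumed token lifetime
_DUMMY_SALT = os.urandom(16)     # makes unknown usernames cost as much as known ones


@dataclass
class AuthStore:
    """In-memory stand-in for the two Postgres tables above."""
    users: dict = field(default_factory=dict)   # username -> user record
    tokens: dict = field(default_factory=dict)  # sha256(token) -> {"username", "expires_at"}
    next_id: int = 1


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def _token_key(token: str) -> str:
    # Only a hash of the bearer token is stored, so a leaked table does not leak live sessions.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def register(store: AuthStore, username: str, password: str, roles=("user",)) -> int:
    """POST /register: create a user; returns the new user id."""
    if not username or len(password) < 8:
        raise ValueError("username required and password must be at least 8 characters")
    if username in store.users:
        raise ValueError("username already taken")
    salt = os.urandom(16)
    store.users[username] = {
        "id": store.next_id,
        "salt": salt,
        "hash": _hash_password(password, salt),
        "roles": list(roles),
    }
    store.next_id += 1
    return store.users[username]["id"]


def login(store: AuthStore, username: str, password: str, now=None) -> str:
    """POST /login: verify credentials and return an opaque bearer token."""
    now = time.time() if now is None else now
    user = store.users.get(username)
    # Always run the hash so timing does not reveal whether the username exists.
    candidate = _hash_password(password, user["salt"] if user else _DUMMY_SALT)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        raise PermissionError("invalid credentials")  # same error for both failure cases
    token = secrets.token_urlsafe(32)
    store.tokens[_token_key(token)] = {"username": username, "expires_at": now + TOKEN_TTL_SECONDS}
    return token


def resolve(store: AuthStore, authorization_header: str, now=None) -> dict:
    """GET /resolve: map the Authorization header to Hasura session variables."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme != "Bearer" or not token:
        raise PermissionError("missing bearer token")
    key = _token_key(token)
    rec = store.tokens.get(key)
    if rec is None or rec["expires_at"] <= now:
        store.tokens.pop(key, None)  # drop expired rows eagerly
        raise PermissionError("token unknown or expired")
    user = store.users[rec["username"]]
    return {
        "X-Hasura-User-Id": str(user["id"]),
        "X-Hasura-Role": user["roles"][0],      # current role, required by webhook mode
        "X-Hasura-Allowed-Roles": user["roles"],
    }
```

A real deployment would back `AuthStore` with the two tables in `MIGRATION_SQL`, put the handlers behind an HTTP framework, and point Hasura's webhook setting at `/resolve`; the handlers themselves do not change.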
Hello,
Another boilerplate with JWT that implements multiple-role management through x-hasura-allowed-roles: https://github.com/platyplus/authentication-server
@elitan, @plmercereau, @DevSpeak Thanks, guys, but we can add one complete example to the community folder of the official repo (this repo) for simpler access.
Now my question is: which one of the above examples is better? :thinking:
@tirumaraiselvan, @elitan, @plmercereau, @DevSpeak Now that Hasura supports react-admin, I think it could be useful if the selected boilerplate could also support user management tasks (create user, role, reset users' password, ...) through a GUI admin panel.
What is your opinion?
Maybe we should include these repo links in the community/README.md file so it is searchable and easy to access for new users?
@elitan Yes, I agree. Also, a small comparison between these three solutions could help users select between these options.
Hello,
I did a PR with the above repository.
@mnlbox about the missing features you are mentioning, the assumption I made in this boilerplate is that this authentication service would connect to the same Postgres database Hasura would use.
I then manage users and roles as much as possible through the Hasura GraphQL API, for instance to update user profiles, allocate roles etc.
The missing endpoints so far are the ones related to password management, as passwords are encrypted in the database. I haven't decided yet whether I would put password modification, reset, etc. in the boilerplate, or if I would use Postgres functions that would be exposed through the GraphQL engine. The heavy lifting could then be handled by another service through a webhook (such as sending password-reset emails, etc.).
I don't know if that makes sense, but I hope my two cents will help somehow. I drafted some limitations in my boilerplate README and would be happy to get some help, especially about the JWKS endpoint, as I am really stuck on this one.
Cheers