Support for custom claims is great! But it chokes when we try to use an array --
code: "jwt-invalid-claims"
path: "$"
message: "x-hasura-* claims: expected Text, encountered Array"
Use case here is user "groups" (multiple). Not essential but including in the JWT would simplify our permission rules and save us some joins.
Hi @litchfield, we already have a PR in the works which adds support for arrays in session variables. I am guessing that would cover this case too.
@nizar-m @ecthiender Will https://github.com/hasura/graphql-engine/pull/1799 cover this use case too?
It should. Related issue #1333 .
@shahidhk @nizar-m
Closing this issue now. @litchfield feel free to re-open, should the related issue not solve your problem 🙂
Reopening, as this was never implemented. This was closed by mistake, I am guessing.
PS: It was implemented in #1799 but that never got merged. Instead #2475 got merged which did not add support for this.
Is there any workaround at least for this feature?
I'm using v1.0.0-beta.8 and I need to filter by allowed organizations too, and I'm getting the same message:
{"errors":[{"extensions":{"path":"$","code":"jwt-invalid-claims"},"message":"x-hasura-* claims: expected Text, encountered Array"}]}
:'(
@celvin This might be of help https://docs.hasura.io/1.0/graphql/manual/auth/authorization/roles-variables.html#format-of-session-variables
+1 — Need this functionality as well.
I have sessioned users who need access to team data in multiple teams. An x-hasura-team-ids array of team.id strings would make this doable. Currently no way of allowing access to multiple team data without this functionality.
@rikinsk That section mentions use of arrays, but it is not doable in beta.9.
CC @ecthiender Any ETA?
Edit: I managed to get around with a public view, but concerned I may hit another snag without session arrays.
@0x777 Any updates here?
FYI, the array value can be sent as a Postgres array literal, which looks like "x-hasura-array-val": "{t1,t2,t3}". This issue is for supporting the format [t1,t2,t3].
Need this feature,
otherwise, for a multi-tenant app, you might need to write Hasura Action for every query/mutation out there...
Any update on this?
In the documentation:
You can find this is allowed for x-hasura-allowed-roles:
{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true,
  "iat": 1516239022,
  "https://hasura.io/jwt/claims": {
    "x-hasura-allowed-roles": ["editor","user", "mod"],
    "x-hasura-default-role": "user",
    "x-hasura-user-id": "1234567890",
    "x-hasura-org-id": "123",
    "x-hasura-custom": "custom-value"
  }
}
So why can we not use it for the other claims?
Furthermore, the Postgres array type is not valid JSON; one needs to manipulate the JSON string to get it to work. Not to mention that when working with AWS, which does not support JSON-typed claims, you have to pass a JSON string, and in that JSON string we can only put a stringified array, like "{1,2,3}", because otherwise JSON.stringify won't even work. Will this stringified array still work?
Not sure if this helps. I use something like this with Node.js; it will only work for strings, though.
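// Build a Postgres array literal from an array of strings.
function toPgArray(arr) {
  // Escape backslashes and double quotes so an element cannot break out of its quotes.
  const m = arr.map(e => `"${String(e).replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`).join(",");
  return `{${m}}`;
}
const ids = ["e63baafd-a10f-4d88-8828-0d423d698522"];
toPgArray(ids);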
results in
{
  "https://hasura.io/jwt/claims": {
    "sub": "1234567890",
    "name": "John Doe",
    "admin": true,
    "iat": 1516239022,
    "x-hasura-allowed-organisations": "{\"e63baafd-a10f-4d88-8828-0d423d698524\"}"
  }
}
The other solution would be to make a proxy service that can convert arrays in the claims to pg array format.
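The conversion discussed in this thread (JSON array claims turned into Postgres array literals, as a proxy or token-minting step would do it), written out as an added example that is not from the thread or from Hasura's code. The function names and the sample payload are assumptions; elements are escaped because an unescaped double quote splits one value into several, which matters when the claim feeds permission rules.

```javascript
// Added example; pgElement, pgArrayLiteral, arraysToPgLiterals, parsePgArray are hypothetical names.
const NAMESPACE = "https://hasura.io/jwt/claims";
// Quote one element. Inside a double-quoted element of a Postgres array
// literal, backslash and double quote must be preceded by a backslash.
function pgElement(value) {
  if (typeof value === "number" && Number.isFinite(value)) return String(value);
  if (typeof value !== "string") {
    throw new TypeError(`unsupported array element: ${JSON.stringify(value)}`);
  }
  return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
}

function pgArrayLiteral(arr) {
  return `{${arr.map(pgElement).join(",")}}`;
}

// Copy the payload; array-valued x-hasura-* claims become literal strings (allowed-roles stays an array).
function arraysToPgLiterals(payload) {
  const out = {};
  for (const [key, value] of Object.entries(payload[NAMESPACE] || {})) {
    const convert = Array.isArray(value) && /^x-hasura-(?!allowed-roles$)/i.test(key);
    out[key] = convert ? pgArrayLiteral(value) : value;
  }
  return { ...payload, [NAMESPACE]: out };
}

// Minimal reader for literals produced above, used to check the round trip.
function parsePgArray(literal) {
  const items = [];
  let i = 1; // skip "{"
  while (i < literal.length - 1) {
    let item = "";
    if (literal[i] === '"') {
      for (i++; i < literal.length && literal[i] !== '"'; i++) {
        if (literal[i] === "\\") i++; // escaped character follows
        item += literal[i];
      }
      i++; // closing quote
    } else {
      while (i < literal.length && literal[i] !== "," && literal[i] !== "}") item += literal[i++];
    }
    items.push(item);
    i++; // separator
  }
  return items;
}
// Constructed sample: the second team id contains a double quote.
const SAMPLE = { sub: "1234567890", [NAMESPACE]: { "x-hasura-team-ids": ["t1", 'a","b'] } };
```

Reading the converted claim back with `parsePgArray` returns the original two team ids, while the same array joined without escaping reads back as three.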