Graphql-engine: Allow users to login to Hasura console with a username and password

Created on 29 May 2019 · 2 Comments · Source: hasura/graphql-engine

While the console is great for an administrator, we also see a need for our API to have a UI to our customer service team to manage items in the API. There are typically two approaches to this:

  1. Build the API and then a new UI with Nuxt JS to consume the API
  2. Allow certain members access to the Hasura console by sharing the key

Both of these approaches have downsides. For option 1, we would need to add an additional code repository and environment, and it comes with consistent maintenance. This kind of _goes against_ the benefits of Hasura (e.g. we don't write code to consume our API). The second approach has unlimited security concerns; I don't think we need to really hash those out.

I would recommend a different approach. As the main benefit of Hasura is writing less code, it would be an amazing feature to allow users to log in with their username and password and create a JWT based on their roles, which would then be used to access the UI. Allowing both options to really exist, if the users access the UI/console based on the defined permissions and if the project determined that it needs a dedicated UI - it is already ready based on the JWT-based roles.

This may be related to or dependent on #587?

ideas

All 2 comments

@jasonmccallister for this use case you can use React-Admin to create a UI around the Hasura API, and Hasura has an official data provider for React-Admin (thanks to the friendly community and @praveenweb). You can find more detail about this connector here:
https://github.com/hasura/graphql-engine/tree/master/community/tools/ra-data-hasura

React-Admin now has more features than the Hasura console for non-technical users. For example, you have the ReferenceInput and ReferenceArrayInput components there and are able to enter a relation with a drop-down or select2-based selector rather than an id. (Related issue to vote up this feature: #2296)

Also, the GraphiQL console, Event Trigger panel or Webhook aren't needed for end users.
We also have an open proposal about this here
Related Issue and proposal about secret key management:
https://github.com/hasura/graphql-engine/issues/1995#issuecomment-482461232


Also, you can join this Discord channel for knowledge sharing if you'd like to create apps with Hasura + KeyCloak + ReactAdmin + Metabase:
https://discordapp.com/channels/570876331441782796/570876331441782798

@jasonmccallister Your use-case makes a tonne of sense.

This is something we've been thinking about deeply and there's an "add collaborator" feature that we're working on. It will allow collaborators to "log in" and have scoped access to Hasura metadata APIs. Allow API access but no edits on configuration, for example.

Extending this to also allow "end users" and not just collaborators would also be awesome, which would allow using the JWT. In which case, you'd only see the graphiql pane and not the others :)

cc: @shahidhk @dsandip @anandfeb25
