Graphql-engine: using HASURA_GRAPHQL_UNAUTHORIZED_ROLE and HASURA_GRAPHQL_AUTH_HOOK together

Created on 14 Jul 2019  路  4Comments  路  Source: hasura/graphql-engine

hello
in my application, am trying to allow anonymous users to access some tables, and the other tables need authorized users.
but when I use using HASURA_GRAPHQL_UNAUTHORIZED_ROLE and HASURA_GRAPHQL_AUTH_HOOK environment variables, the container log show the following error.

is there any workaround to have auth-hook and unauthorized-role in the same application?


Fatal Error: --unauthorized-role (HASURA_GRAPHQL_UNAUTHORIZED_ROLE) is not allowed when --auth-hook (HASURA_GRAPHQL_AUTH_HOOK) is set


{"timestamp":"2019-07-14T05:13:31.120+0000","level":"info","type":"startup","detail":{"kind":"serve_options","info":{"enable_allowlist":false,"auth_hook_mode":"GET","use_prepared_statements":true,"unauth_role":"anonymous","stringify_numeric_types":false,"enable_telemetry":true,"enable_console":true,"auth_hook":"http://10.10.10.29:3000","cors_config":{"allowed_origins":"*","disabled":false,"ws_read_cookie":null},"console_assets_dir":null,"admin_secret_set":true,"port":8080}}}
docs question
Source
picture mshanak
👍1

Most helpful comment

@mshanak You're not supposed to use unauthorized role and auth hook at the same time. You should use auth hook to return x-hasura-role: anonymous when the token is not present.

picture shahidhk on 14 Jul 2019
👍4

All 4 comments

@mshanak You're not supposed to use unauthorized role and auth hook at the same time. You should use auth hook to return x-hasura-role: anonymous when the token is not present.

shahidhk picture shahidhk on 14 Jul 2019
👍4

I'm closing this issue now. @mshanak if you have any follow-up questions, feel free to re-open 馃檪

marionschleifer picture marionschleifer on 23 Jul 2019

@shahidhk The documentation just says the opposite. says that you can and NEED to use them at the same time.
https://hasura.io/docs/1.0/graphql/manual/auth/authentication/unauthenticated-access.html

Therefore it is a bug

MaxmaxmaximusGitHub picture MaxmaxmaximusGitHub on 9 Jun 2020

@MaxmaxmaximusGitHub The docs is somewhat confused, but it isn't a bug. HASURA_GRAPHQL_UNAUTHORIZED_ROLE variable is only used with HASURA_GRAPHQL_JWT_SECRET. For authenticated webhook, you have full control, so HASURA_GRAPHQL_UNAUTHORIZED_ROLE is redundant.

I think we need improving the docs cc @marionschleifer

hgiasac picture hgiasac on 10 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

anisjonischkeit picture anisjonischkeit  路  3Comments
rikinsk-zz picture rikinsk-zz  路  3Comments
leoalves picture leoalves  路  3Comments
stereobooster picture stereobooster  路  3Comments
hooopo picture hooopo  路  3Comments