Poolshark
(Flo Ragossnig)
August 9, 2021, 8:42am
Hello,
I have another question regarding auth rules in Dgraph. I have understood the concept of role based authentication via JWT claims. So a typical rule for a variable role in the JWT would be:
type User @auth(
  query: { rule: "{ $role: { eq: \"ADMIN\" } }" }
) {
  id: ID!
  name: String
}
In my case I have a list of permissions in my JWT claim and I would like to check against a certain permission. Basically my list looks like:
permissions = [
  "VIEW",
  "ADD",
  "DELETE"
]
and I thought I could do something like:
{ rule: "{ \"VIEW\": { in: $permissions } }" }
but that does not seem to be possible since "VIEW" is not a valid GraphQL variable. Is there any way to do this without writing a custom resolver?
1 Like
pshaddel
(Poorshad Shaddel)
August 9, 2021, 11:12am
Hi @Poolshark
We implemented something similar. In your JWT payload you can repeat a key, and as a result it becomes an array like this:
For example you can implement something like this:
type User @auth(
  query: { rule: "{ $permissions: { eq: \"view\" } }" }
  update: { rule: "{ $permissions: { eq: \"edit\" } }" }
  delete: { rule: "{ $permissions: { eq: \"delete\" } }" }
) {
  id: ID!
  name: String
}
3 Likes
rcbevans
(Rich Evans)
August 14, 2021, 10:48pm
To clarify,
rule: "{ $MyClaim: { eq: \"CheckValue\" } } "
checks that the “MyClaim” claim array contains the value “CheckValue”, and succeeds if it does, and fails if it doesn’t?
pshaddel
(Poorshad Shaddel)
August 15, 2021, 10:00am
Hi @rcbevans
Yes, it does what you said.
1 Like
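An added example, not code from any post in this thread and not Dgraph's own implementation: the Python below models the behaviour confirmed above, where an `eq` rule on an array claim passes when the array contains the value, and it only trusts claims from a token whose HS256 signature verifies. The namespace URL, the secret, and all function names are assumptions made for the illustration; expiry checks are left out.

```python
import base64, hashlib, hmac, json

NAMESPACE = "https://example.test/jwt/claims"  # assumed namespace for custom claims
SECRET = b"constructed-demo-secret"            # constructed HS256 key, demo only

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: dict, key: bytes = SECRET) -> str:
    """Build a compact HS256 JWT (used here to construct sample tokens)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(payload).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verified_claims(token: str, key: bytes = SECRET) -> dict:
    """Return the namespaced claims, or {} when the token does not verify."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return {}                      # refuse "none" or unexpected algorithms
        mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, b64d(sig)):
            return {}                      # tampered payload or wrong key
        claims = json.loads(b64d(body)).get(NAMESPACE, {})
        return claims if isinstance(claims, dict) else {}
    except (ValueError, TypeError, AttributeError):
        return {}                          # malformed token: no claims at all

def rule_allows(claims: dict, variable: str, expected: str) -> bool:
    """Model of { $variable: { eq: "expected" } } as described in the thread."""
    value = claims.get(variable)
    if isinstance(value, list):            # array claim: eq behaves as "contains"
        return expected in value
    return value == expected               # scalar claim; a missing claim is None

def allowed(token: str, variable: str, expected: str) -> bool:
    """Deny by default: unverifiable tokens yield no claims, so no rule passes."""
    return rule_allows(verified_claims(token), variable, expected)
```
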