Does the CLAIMS-KEY have to be a url?

From the docs:


  • CLAIMS-KEY is the key inside the JWT that contains the claims relevant to Dgraph auth

# Dgraph.Authorization X-My-App-Auth HS256 "secretkey"

…expect[s] the JWT to contain custom claims object "": { ... } with the claims used in authorization rules.

The example given uses a URL (to a non-existent domain) for the CLAIMS-KEY.

Is there any reason why I should use a URL instead of my own custom variable name such as data or variables? Is there an alternative purpose of using a URL here? If I use my own domain name what if anything should be the endpoint of that URL?

Hi @amaster507

The custom claims key can be anything. It doesn’t have to be a URL. We don’t check that it is a valid URL. It is usually used to have some distinction between claims belonging to different endpoints. Whatever is specified in the schema would be used to extract the variables.

1 Like