Does the CLAIMS-KEY have to be a url?

amaster507 · June 30, 2020, 6:57pm

From the docs: https://graphql.dgraph.io/authorization/

# Dgraph.Authorization HEADER CLAIMS-KEY ALGORITHM KEY

CLAIMS-KEY is the key inside the JWT that contains the claims relevant to Dgraph auth

# Dgraph.Authorization X-My-App-Auth https://my.app.io/jwt/claims HS256 "secretkey"

…expect[s] the JWT to contain custom claims object "https://my.app.io/jwt/claims": { ... } with the claims used in authorization rules.

The example given uses a URL (to a non-existent domain) for the CLAIMS-KEY.

Is there any reason why I should use a URL instead of my own custom variable name such as data or variables? Is there an alternative purpose of using a URL here? If I use my own domain name what if anything should be the endpoint of that URL?

pawan · July 2, 2020, 1:06pm

Hi @amaster507

The custom claims key can be anything. It doesn’t have to be a URL. We don’t check that it is a valid URL. It is usually used to have some distinction between claims belonging to different endpoints. Whatever is specified in the schema would be used to extract the variables.

Topic		Replies	Views
GraphQL authorization using standard claims GraphQL kind:enhancement , status:accepted , ticket:created	14	2182	April 22, 2021
About Dgraph.Authorization and @auth GraphQL	10	1048	November 28, 2021
Using Auth0 - Graphql Documentation	5	854	February 23, 2021
Is it possible to read the rest of the data inside JWT GraphQL kind:question	3	827	April 22, 2021
@Auth variable from header value not from header JWT GraphQL	6	935	January 2, 2021

Does the CLAIMS-KEY have to be a url?

Related topics