Hasura is a free, open-source project that can be pointed at any PostgreSQL database to provide an instant, real-time GraphQL server.
From their site:
The Hasura GraphQL Engine is a free, open-source, blazing-fast GraphQL server that gives you instant, realtime GraphQL APIs over Postgres, with webhook triggers on database events, and remote schemas for business logic.
Hasura Security and access-control
In order to safely expose our PostgreSQL database to the internet, Hasura provides a robust role-based permissions system with excellent documentation.
With their web-based console, we can quickly configure permissions on tables to make sure users can only see information belonging to them, can only update rows if they're an
AuthGuardian support for Hasura
AuthGuardian has built-in support for generating Hasura-permission compatible JWTs. There are three quick options:
- Set Hasura
- Set default Hasura role
- Add allowed Hasura roles
Notice how in each case, AuthGuardian knows where in the JWT to insert the data so that Hasura can find it.
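To see where that data lands, the following added example (not AuthGuardian's or Hasura's own code) decodes a token's payload and checks the claims Hasura reads. It assumes Hasura's default claims namespace `https://hasura.io/jwt/claims` with JSON-format claims; the helper names, the sample token and its `x-hasura-user-id` value are constructed for illustration.

```javascript
// Namespace and keys Hasura reads in JWT mode (defaults from Hasura's JWT docs).
const HASURA_NS = "https://hasura.io/jwt/claims";
const ALLOWED = "x-hasura-allowed-roles";
const DEFAULT = "x-hasura-default-role";

// Decode the payload segment only. This does NOT verify the signature;
// Hasura does that itself with the key in its JWT configuration.
function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token: expected 3 segments");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Return a list of problems with the Hasura claims; an empty list means well-formed.
function auditHasuraClaims(payload) {
  const claims = payload[HASURA_NS];
  if (claims === null || typeof claims !== "object" || Array.isArray(claims)) {
    return [`missing ${HASURA_NS} object`];
  }
  const problems = [];
  const allowed = claims[ALLOWED];
  const def = claims[DEFAULT];
  const allowedOk = Array.isArray(allowed) && allowed.length > 0 &&
    allowed.every((r) => typeof r === "string");
  if (!allowedOk) problems.push(`${ALLOWED} must be a non-empty array of strings`);
  if (typeof def !== "string") problems.push(`${DEFAULT} must be a string`);
  else if (allowedOk && !allowed.includes(def)) problems.push(`${DEFAULT} is not listed in ${ALLOWED}`);
  // Every other session variable in the namespace is expected to be a string.
  for (const [key, value] of Object.entries(claims)) {
    if (key !== ALLOWED && key !== DEFAULT && typeof value !== "string") {
      problems.push(`${key} must be a string`);
    }
  }
  return problems;
}

// Constructed sample token (placeholder signature) so the example runs offline.
function sampleToken(hasuraClaims) {
  const seg = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const payload = { sub: "constructed-user", [HASURA_NS]: hasuraClaims };
  return `${seg({ alg: "RS256", typ: "JWT" })}.${seg(payload)}.constructed-signature`;
}

const token = sampleToken({ [DEFAULT]: "admin", [ALLOWED]: ["admin", "user"], "x-hasura-user-id": "42" });
console.log(auditHasuraClaims(decodePayload(token)));
```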
If we want to use GitHub as the primary sign-on for our Hasura app, we can simply configure AuthGuardian with the following rules:
Set the default Hasura role
These rules specify that our users who are members of the GitHub organization OneGraph should have the admin role by default:
Allow additional Hasura roles
We may want to allow users to exercise different roles in our Hasura application, in which case we can configure AuthGuardian:
We can of course add allowed roles based on all sorts of information available to OneGraph, and make the built-in values available to Hasura during query execution time.
If we need further extensibility, or to pull in additional data from other data stores, we can always use the advanced JWT webhook customization approach.
Have Hasura-specific questions? Check out their excellent community support platform on Discord!
You don't need to know the details to use OneGraph AuthGuardian and Hasura together, but you can read more about Hasura's JWT implementation if you're interested.