Skip to content

Latest commit

 

History

History
109 lines (82 loc) · 3.21 KB

noauth-mode.mdx

File metadata and controls

109 lines (82 loc) · 3.21 KB
sidebar_position description keywords
5
Learn how to enable and use NoAuth mode in Hasura DDN for testing or development purposes.
Hasura
NoAuth mode
authentication
supergraph
API

import Thumbnail from "@site/src/components/Thumbnail";

NoAuth

Introduction

NoAuth mode is a simple way to run your Hasura DDN instance without authentication. This is useful for testing or development purposes or to run your Hasura supergraph API endpoint as fully public without any authentication.

:::danger Production Warning

Using NoAuth mode in production environments is not advisable unless you intend for your API to be completely public. If your Hasura DDN supergraph contains any sensitive data, you should enable authentication and avoid using NoAuth mode in production.

:::

When you create a new Hasura DDN project with the ddn supergraph init command, noAuth mode is enabled by default.

Enabling NoAuth Mode

Step 1. Update your AuthConfig

On a default, standard new Hasura DDN project you will find an AuthConfig file in your config directory already configured for noAuth mode.

kind: AuthConfig
version: v3
definition:
  mode:
    noAuth:
      role: admin
      sessionVariables: {}

role

The role to be assumed while running the engine in noAuth mode. If you intend for your production API to be fully public, you can set this to a value such as public or anonymous so that it's explicit. Read more about the Role value

sessionVariables

Static session variables that will be used while running the engine without authentication. This is helpful when you want to test requests using particular session variables, such as x-hasura-user-id with a non-admin role. Read more about the SessionVariables value

Step 2. Check permissions

On a default, standard new Hasura DDN project you will find permissions such as the below for an example Posts model:

kind: TypePermissions
version: v1
definition:
  typeName: Posts
  permissions:
    - role: admin
      output:
        allowedFields:
          - authorId
          - content
          - postId
          - title
kind: ModelPermissions
version: v1
definition:
  modelName: Posts
  permissions:
    - role: admin
      select:
        filter: null
        allowSubscriptions: true

You can see that the admin role has full access to the Posts model with no filtering in the ModelPermissions and all fields being allowed in the TypePermissions.

Step 3. Build your supergraph

ddn supergraph build local

Step 4. Make an un-authenticated request

ddn console --local

If you click on the Authorization tab in the console, you can see that NoAuth mode is enabled and for this request, the static session variables are not being used and all fields and data are being returned.