| sidebar_position | sidebar_label | description | keywords | seoFrontMatterUpdated | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
4 |
Service accounts |
Learn how to creata a public-access role that can view data without authentication. |
|
false |
import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem";
In this tutorial, you'll learn how to configure a JWT or webhook to allow for admin-level access to data in your
supergraph. This can be done by passing hard-coded session variables that match the admin role in Hasura DDN.
:::info Prerequisites
Before continuing, ensure you have:
- A local Hasura DDN project.
- Either JWT or Webhook mode enabled in your AuthConfig.
:::
To make an admin-level request, shape your claims as follows: "https://hasura.io/jwt/claims": {
"x-hasura-default-role": "admin",
"x-hasura-allowed-roles": ["admin"],
}When the token is minted, it will include the hard-coded values and can be passed to act as an admin-level request to your supergraph.
:::info Your JWT claims should be unique for each role
When designing or implementing an auth server, it is best practice to generate JWTs with different claims for each user role so that each token enables the appropriate data access permissions for that user.
If you're unsure about setting up JWTs with Hasura, check out our tutorials for popular providers.
:::
To make an admin-level request, shape the response provided by your webhook as follows:HTTP/1.1 200 OK
Content-Type: application/json
{
"X-Hasura-Role": "admin",
}Create a new build of your supergraph:
ddn supergraph build local
Then, in a request, pass a header according to your authentication configuration. You should see all types and fields
available to the admin role.
In this guide, you learned how to expose all data in your supergraph to the admin role. While this is done by default,
you'll need to generate a JWT or include the session variables in your webhook response that will allow the request to
act as a service account.
As you continue building out your supergraph, keep in mind that authentication and authorization are crucial components. Always validate your configuration and regularly test your setup to ensure it functions as expected across different roles and environments.
- Permissions with Hasura DDN
- Auth with Hasura DDN