Skip to main content
Version: PromptQL

NoAuth

Introduction

NoAuth mode is a simple way to run your Hasura DDN and PromptQL instance without authentication and is enabled by default. This is useful for testing or development purposes or to run your project as fully public without any authentication.

Production Warning

Using NoAuth mode in production environments is not advisable unless you intend for your application to be completely public. If your connected sources contain any sensitive data, you should enable authentication and avoid using NoAuth mode in production.

When you create a new project with the ddn supergraph init command, noAuth mode is enabled by default.

Enabling NoAuth Mode

Step 1. Update your AuthConfig

On default, in a standard new PromptQL project, you'll find an AuthConfig file in your globals directory already configured for noAuth mode.

An AuthConfig for noAuth mode:
kind: AuthConfig
version: v3
definition:
  mode:
    noAuth:
      role: admin
      sessionVariables: {}

role

The role to be assumed while running the application in noAuth mode. If you intend for your supergraph to be fully public, you can set this to a value such as public or anonymous so that it's explicit. Read more about the Role value

sessionVariables

Static session variables that will be used while running the application without authentication. This is helpful when you want to test requests using particular session variables, such as x-hasura-user-id with a non-admin role. Read more about the SessionVariables value

Step 2. Check permissions

On a default, standard new project you will find permissions such as the below for an example Posts model:

TypePermissions:
kind: TypePermissions
version: v1
definition:
  typeName: Posts
  permissions:
    - role: admin
      output:
        allowedFields:
          - authorId
          - content
          - postId
          - title
ModelPermissions:
kind: ModelPermissions
version: v1
definition:
  modelName: Posts
  permissions:
    - role: admin
      select:
        filter: null
        allowSubscriptions: true

You can see that the admin role has full access to the Posts model with no filtering in the ModelPermissions and all fields being allowed in the TypePermissions.

Step 3. Build your application

ddn supergraph build local

Step 4. Make an unauthenticated request

ddn console --local

You can query your data without any authentication.