Rules for Custom JWT Claims
Custom claims inside the JWT are used to tell Hasura about the role of the caller, so that Hasura may enforce the necessary authorization rules to decide what the caller can and cannot do. In the Auth0 dashboard, navigate to Rules.
Click on the + Create Rule
button. In the next screen, select the Empty rule
template.
Name the rule as hasura-jwt-claims
.
Add the following script to the rule.
function (user, context, callback) {const namespace = "https://hasura.io/jwt/claims";context.accessToken[namespace] ={'x-hasura-default-role': 'user',// do some custom logic to decide allowed roles'x-hasura-allowed-roles': ['user'],'x-hasura-user-id': user.user_id};callback(null, user, context);}
Get Started with GraphQL Now
Hasura Cloud gives you a fully managed, production ready GraphQL API as a service to help you build modern apps faster.