Download tutorial as e-book ⚡️
Hasura Con
Workshop | June 30, 2022 | 08:00 AM PST
Learn how to use Hasura from the engineers who built it! Join our live workshop
Register Now
Hasura Con

Rules for Custom JWT Claims

Custom claims inside the JWT are used to tell Hasura about the role of the caller, so that Hasura may enforce the necessary authorization rules to decide what the caller can and cannot do. In the Auth0 dashboard, click on the Auth Pipeline menu option on the left and then click the Rules link (or follow this direct link).

Click on the + Create Rule button. In the next screen, select the Empty rule template.

Name the rule as hasura-jwt-claims.

Add the following script to the rule.

function (user, context, callback) {
const namespace = "";
context.accessToken[namespace] =
'x-hasura-default-role': 'user',
// do some custom logic to decide allowed roles
'x-hasura-allowed-roles': ['user'],
'x-hasura-user-id': user.user_id
callback(null, user, context);

Custom JWT Claims Rule

After adding the script, click on the "SAVE CHANGES" button.

Did you find this page helpful?
Start with GraphQL on Hasura for Free
  • ArrowBuild apps and APIs 10x faster
  • ArrowBuilt-in authorization and caching
  • Arrow8x more performant than hand-rolled APIs
footer illustration
Brand logo
© 2022 Hasura Inc. All rights reserved