Edit on GitHubRules for Custom JWT Claims
Custom claims inside the JWT are used to tell Hasura about the role of the caller, so that Hasura may enforce the necessary authorization rules to decide what the caller can and cannot do.
In the Auth0 dashboard, click on the Auth Pipeline menu option on the left and then click the Rules link (or follow this direct link).
Click on the + Create Rule button. In the next screen, select the Empty rule template.
Name the rule as hasura-jwt-claims.
Add the following script to the rule.
function (user, context, callback) {const namespace = "https://hasura.io/jwt/claims";context.accessToken[namespace] ={'x-hasura-default-role': 'user',// do some custom logic to decide allowed roles'x-hasura-allowed-roles': ['user'],'x-hasura-user-id': user.user_id};callback(null, user, context);}
After adding the script, click on the "SAVE CHANGES" button.
Did you find this page helpful?
Start with GraphQL on Hasura for Free
Build apps and APIs 10x faster- Built-in authorization and caching
- 8x more performant than hand-rolled APIs
© 2023 Hasura Inc. All rights reserved
