
Setup Hasura JWT Parsing

Usually, with Firebase Auth and Hasura, we can use the standard JWK URL as described here.

However, Firebase session cookies need a different format, which we'll have to add manually. Hopefully this can improve in the future.

  1. In login.tsx, add console.log(cookie) after const cookie = await admin.auth().createSessionCookie(idToken, { expiresIn }); and go through the login process to get the session cookie JWT.

  2. Open jwt.io and paste your JWT in.

  3. In the decoded headers section, note the kid: property. Take the value of that, open https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys, and find the public certificate that matches.

  4. We now build our Hasura JWT secret config:

    {
      "type": "RS256",
      "key": "<Firebase public cert from previous step>",
      "audience": "<firebase project id>",
      "issuer": "https://session.firebase.google.com/<firebase project id>",
      "claims_map": {
        "x-hasura-allowed-roles": ["user"],
        "x-hasura-default-role": "user",
        "x-hasura-user-id": {"path": "$.sub"}
      }
    }

By default, we assign a logged-in user the role of user using the claims map feature.

Save this config for an upcoming step.
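Steps 2 to 4 can also be done locally, so the session cookie never has to be pasted into a website. The following is an added example, not code from the original tutorial: decodeSegment, buildHasuraJwtSecret and all sample values are hypothetical, and it assumes the JSON from the publicKeys URL in step 3 has already been fetched and parsed into an object that maps each kid to its PEM certificate.

```javascript
// Added example; all sample values below are constructed.
// Decode one base64url JWT segment to an object (no signature check).
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// publicKeys: the parsed { kid: PEM certificate } object from the publicKeys URL.
function buildHasuraJwtSecret(sessionCookie, publicKeys, projectId) {
  const parts = sessionCookie.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  if (header.alg !== "RS256") throw new Error("unexpected alg: " + header.alg);
  const issuer = "https://session.firebase.google.com/" + projectId;
  if (payload.iss !== issuer || payload.aud !== projectId) {
    throw new Error("cookie was not issued for this Firebase project");
  }
  // kid comes from an unverified token: only accept the object's own keys.
  if (!Object.prototype.hasOwnProperty.call(publicKeys, header.kid)) {
    throw new Error("no public certificate for kid " + header.kid);
  }
  return {
    type: "RS256",
    key: publicKeys[header.kid],
    audience: projectId,
    issuer,
    claims_map: {
      "x-hasura-allowed-roles": ["user"],
      "x-hasura-default-role": "user",
      "x-hasura-user-id": { path: "$.sub" },
    },
  };
}

// Constructed sample input (placeholder certificates, fake signature).
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_PROJECT = "demo-project";
const SAMPLE_KEYS = {
  "kid-old": "-----BEGIN CERTIFICATE-----\n<constructed old>\n-----END CERTIFICATE-----\n",
  "kid-current": "-----BEGIN CERTIFICATE-----\n<constructed current>\n-----END CERTIFICATE-----\n",
};
const makeCookie = (kid) => [encode({ alg: "RS256", kid }),
  encode({ iss: "https://session.firebase.google.com/" + SAMPLE_PROJECT,
    aud: SAMPLE_PROJECT, sub: "uid-123" }), "constructed-signature"].join(".");

console.log(JSON.stringify(buildHasuraJwtSecret(makeCookie("kid-current"), SAMPLE_KEYS, SAMPLE_PROJECT)));
```

JSON.stringify escapes the certificate's line breaks as \n, so the printed value is a single-line JSON string. Google rotates these certificates, so the key in the config has to be replaced when the kid in new session cookies changes.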
