How do you test out Hasura authorization?

3.1k views Asked by At

If I disable x-hasura-admin-secret in the Dashboard, and add Authorization: Bearer a_jwt_encoded_with_a_HASURA_GRAPHQL_JWT_SECRET_and_the_hasura_custom_claims

Then I keep getting these toast notifications:

Schema introspection query failed
x-hasura-admin-secret/x-hasura-access-key required, but not found

What am I missing? How can I test my permissions and such from within the Hasura GraphiQL explorer?


My HASURA_GRAPHQL_JWT_SECRET might be in the wrong place. I set it in Heroku (per how you used to have to do it).


I've updated the HASURA_GRAPHQL_JWT_SECRET to be defined in the Hasura project console's env vars, and have updated it to

{
    "key": "01234567890123456789012345678912",
    "type": "HS256"
}

But when I generate a JWT from that config and try it, it throws the same toast notifications...

1

There are 1 answers

0
Jesse Carter On BEST ANSWER

In my experience the easiest way to test permissions is to leave the admin secret in place and then just set the relevant headers.

Generally you just add additional headers for x-hasura-role and x-hasura-user-id and any other session variables that are relevant for your app.

In the screenshot below you can see that I've explicitly set these values. Any query that you run will be evaluated based on the permissions associated with the role (in my case its organization-admin)

This is especially useful if you want to be able to use the Analyze functionality to do query profiles that take permissions into account.

hasura console