This repository has been archived by the owner on Sep 23, 2020. It is now read-only.
Humeur du mois needs a remote schema to perform actions like casting a vote, as it can't be entrusted to the user. Right now we think this can't use the user's JWT and would rather use a userId that has administrator privileges; the problem is that this user could have access to the rest of the database, and it exposes the whole system to privilege elevation.
We need to find a way to get the JWT token on remote schemas too and define a permission to modify data.
Since this is a thing
We can define permissions for a role like "Collaborator" to insert a vote, the remote schema will do the verification and forward the JWT back to Hasura when doing the mutation
Additionally, we want the JWT to include the application ID it came from so an application can only mutate its own data
Ok so each app has its own namespace in the database, which means roles have to be declared as applicationNamespace_role. Auth0 will send this during authentication, so the roles defined in the schema have to be the same.
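The flow the comments above converge on (remote schema verifies the user's JWT, checks for a namespaced role such as applicationNamespace_collaborator, and forwards the same JWT plus an x-hasura-role header to Hasura for the vote mutation), as an added example that is not code from the Humeur du mois project. It assumes an HS256 shared secret, the standard Hasura claims namespace, and a custom Auth0 claim name for the application id; the signing helper exists only to build a constructed sample token.

```python
import base64
import hashlib
import hmac
import json

# Hasura reads its session variables from this namespaced claim (Hasura convention);
# the application-id claim name is an assumption for a custom Auth0 rule.
HASURA_CLAIMS = "https://hasura.io/jwt/claims"
APP_ID_CLAIM = "https://example.com/app_id"  # assumed custom claim

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, secret):
    """Mint an HS256 JWT; used here only to build a constructed sample token."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_hs256(token, secret):
    """Return the claims if the signature checks out, else None."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        return None
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return None  # refuse 'none' and algorithm-confusion headers
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(body))

def headers_for_vote(token, secret, app_namespace):
    """Headers the remote schema forwards to Hasura for the vote mutation,
    or None if the token is invalid or not issued for this application."""
    claims = verify_hs256(token, secret)
    if claims is None or claims.get(APP_ID_CLAIM) != app_namespace:
        return None
    role = f"{app_namespace}_collaborator"  # namespaced role, never an admin id
    if role not in claims.get(HASURA_CLAIMS, {}).get("x-hasura-allowed-roles", []):
        return None
    return {"Authorization": f"Bearer {token}", "x-hasura-role": role}
```

Hasura then applies the insert permission declared for the namespaced role, so the remote schema never needs an administrator identity.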