Authorization Webhooks #6868
Hi all, we have been evaluating Hasura for our infrastructure for quite a while and concluded that this is the only feature that is holding us back from deploying Hasura. The issue is that in our system, different tenants have different roles and abilities/permissions. Using a webhook for authorization would be a great idea and we could implement our custom auth. Are there any plans? @tirumaraiselvan @vaishnavigvs @0x777 Thanks!

Edit: If there are any "hacks" or workarounds known, happy to implement them as a temporary solution.
Update: I was thinking that we could use the "Authentication Webhooks" feature and perform the Authorization check there. As stated in the docs:
It's not ideal, but a possibility, I'll keep on searching.

Update: It got super hard and the more I try to integrate our Authorization logic, the more I realize it will not work with the above-mentioned scenario. Although another idea came up that we could front the Hasura instances with our own GraphQL server and then the backend teams would prepare the queries and mutations for the frontend teams, and in this way we can add as much authorization logic as required.
Great to have an integration with OPA or a Webhook. I would appreciate any response on this feature.
https://blog.openpolicyagent.org/write-policy-in-opa-enforce-policy-in-sql-d9d24db93bf4
It's an interesting thought!
While OPA is great, don't you think that we should keep the webhook as generic and open as possible?
Hello!
Hasura right now allows you to offload its authentication functionality to an external server via its webhook functionality.
It would be very helpful to developers on medium to large scale apps for Hasura to provide an authorization webhook, which could essentially help use tools such as OpenPolicyAgent, allowing reuse of authorization logic. Otherwise, a proper integration with OPA would also be very helpful.
Thanks!