Skip to main content

Hasura Integration

Witboost uses Hasura to leverage GraphQL to perform read-only queries in certain cases (e.g. Marketplace module).

By default, Witboost builds a JWT token for each user that includes a set of Hasura claims. These claims are:

  • x-hasura-allowed-roles: that is the list of allowed roles for the user i.e. acceptable values of the x-hasura-role HTTP header. (See Hasura Authentication). This will be set to ['admin'] by default.
  • x-hasura-default-role: indicating the default role for that user i.e. the role that will be used in case x-hasura-role header is not passed. (See Hasura Authentication). This will be set to admin by default.

If those settings are not desired, you can specify two properties inside the values.yaml, so that Witboost will take them inside the JWT token.

Those properties are:

  • ui.appConfig.mesh.marketplace.hasuraClaims.x-hasura-default-role
  • ui.appConfig.mesh.marketplace.hasuraClaims.x-hasura-allowed-roles

See Configurations.

tip

Each user will take the same set of x-hasura-default-role and x-hasura-allowed-roles claims. Up to now it is not possible to differentiate the assignations.

The platform team can define permissions rules on the Hasura platform.

Rules follow a specific format. See Hasura documentation.