We just added a new `authorizer` provider type!
Developers building multi-tenant applications can now implement custom JWT verification using a custom function written in TypeScript or JavaScript.
```typescript
import { auth, config, graph } from '@grafbase/sdk'

const g = graph.Standalone()

const authorizer = auth.Authorizer({
  name: 'my-authorizer-function',
})

export default config({
  graph: g,
  auth: {
    providers: [authorizer],
  },
})
```
Then, inside `grafbase/auth/my-authorizer-function.ts`, you can use the context from the request to return a custom JWT that specifies the claims `sub` and `groups`, which also work with owner- and group-based rules.
```typescript
export default function ({ request }) {
  const { headers } = request
  const jwt = headers['authorization']

  // Verify JWT...

  return { identity: { sub: 'user1', groups: ['g1'] } }
}
```
If the returned object does not contain the `identity` key, public auth will be used instead.
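One way to fill in the `// Verify JWT...` step, as an added example that is not Grafbase's own code: an HS256 check in plain JavaScript that returns `{}` when verification fails, which per the sentence above means the request falls back to public auth rather than being rejected. The shared secret, the `Bearer` scheme, the required `exp` claim, a Node.js runtime with `node:crypto`, and the names `verifyJwt`, `authorizer` and `signDemoToken` are assumptions.

```javascript
// Added example, not Grafbase code. Assumes HS256 tokens and node:crypto.
const crypto = require('node:crypto')

// Constructed demo key; a real deployment loads this from secret storage.
const SECRET = 'constructed-demo-secret'

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'))
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest()

// Returns the verified claims, or null if any check fails.
function verifyJwt(token, key, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return null
  const [head, body, sig] = parts
  try {
    // Pin the algorithm: never let the token choose it ("none", RS256, ...).
    if (b64urlJson(head).alg !== 'HS256') return null
    const given = Buffer.from(sig, 'base64url')
    const expected = hmac(`${head}.${body}`, key)
    // timingSafeEqual throws on length mismatch, so compare lengths first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null
    const claims = b64urlJson(body)
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null
    if (typeof claims.sub !== 'string' || claims.sub === '') return null
    return claims
  } catch {
    return null // malformed base64url or JSON
  }
}

// Body of the authorizer; in grafbase/auth/my-authorizer-function.ts this
// would be the default export.
function authorizer({ request }) {
  const match = /^Bearer (.+)$/.exec(request.headers['authorization'] ?? '')
  const claims = match && verifyJwt(match[1], SECRET)
  // No `identity` key means the request is treated as public, not rejected.
  if (!claims) return {}
  const groups = Array.isArray(claims.groups) ? claims.groups.filter((g) => typeof g === 'string') : []
  return { identity: { sub: claims.sub, groups } }
}

// Test helper: mint a constructed HS256 token for sample requests.
function signDemoToken(claims, key = SECRET, alg = 'HS256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url')
  const data = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`
  return `${data}.${hmac(data, key).toString('base64url')}`
}
```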
We'd love to hear your feedback and ideas, so join us on Discord.