JWT authorization provider added

We just added a new jwt provider type!

From today you can use any user management service or authentication library that generates symmetric JWTs with your Grafbase backend.

JWT based authorization can be enabled by providing the shared secret to the jwt provider inside of the @auth directive:

```graphql
# grafbase/schema.graphql
schema
  @auth(
    providers: [
      {
        type: jwt
        issuer: "{{ env.ISSUER_URL }}"
        secret: "{{ env.JWT_SECRET }}"
      }
    ]
    rules: [{ allow: private }]
  ) {
  query: Query
}
```

You will want to use environment variables for the issuer and secret values above. You can set these inside grafbase/.env when working locally too.

Here's an example of how to generate a JWT that could be used to authenticate:

```ts
import {
  getNumericDate,
  create as jwtCreate,
} from 'https://deno.land/x/djwt@v2.0/mod.ts'

// Same secret in Grafbase environment variables
const secret = 'MySuperSecretKey123!'

const claims = {
  iss: 'https://example.com',
  sub: 'user_1234',
  iat: getNumericDate(new Date()),
  exp: getNumericDate(30 * 60), // expires 30 minutes from now
  groups: ['admin'],
}

const token = await jwtCreate({ alg: 'HS512', typ: 'JWT' }, claims, secret)

const response = await fetch('GRAFBASE_API_URL', {
  method: 'POST', // a request with a body cannot be sent as GET
  headers: {
    authorization: `Bearer ${token}`,
    'content-type': 'application/json',
  },
  body: JSON.stringify({
    query: '...',
  }),
})

const data = await response.json()
```
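For reference, the checks a verifier holding the same shared secret has to make on such a token, as an added example using Node's built-in `crypto` (not Grafbase's implementation and not part of the original post). The function names `signHS512` and `verifyHS512` and the sample values are assumptions made for illustration.

```javascript
// Added example, not Grafbase's implementation: minimal HS512 verification
// with Node's built-in crypto. Names and sample values are constructed.
const crypto = require('node:crypto')

const b64url = (input) => Buffer.from(input).toString('base64url')

// Sign claims the same way the issuing side does (HS512, shared secret).
function signHS512(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS512', typ: 'JWT' }))
  const body = b64url(JSON.stringify(claims))
  const sig = crypto.createHmac('sha512', secret).update(`${head}.${body}`).digest('base64url')
  return `${head}.${body}.${sig}`
}

// Returns the claims if the token is acceptable, otherwise throws.
function verifyHS512(token, secret, expectedIssuer, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('malformed token')
  const [head, body, sig] = parts

  // Pin the algorithm: never let the token's header choose it ("none", HS256, ...).
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'))
  if (header.alg !== 'HS512') throw new Error('unexpected alg')

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = crypto.createHmac('sha512', secret).update(`${head}.${body}`).digest()
  const given = Buffer.from(sig, 'base64url')
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature')
  }

  // Only after the signature checks out are the claims trusted.
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'))
  if (claims.iss !== expectedIssuer) throw new Error('wrong issuer')
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired')
  return claims
}

// Constructed sample values (fixed clock so the result is reproducible).
const SECRET = 'MySuperSecretKey123!'
const ISSUER = 'https://example.com'
const NOW = 1700000000
const sample = signHS512(
  { iss: ISSUER, sub: 'user_1234', iat: NOW, exp: NOW + 1800, groups: ['admin'] },
  SECRET
)
console.log(verifyHS512(sample, SECRET, ISSUER, NOW).sub)
```

Because the secret both signs and verifies, any service that holds it can mint tokens, so keep it in environment variables on both sides rather than in source.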

We'd love to hear your feedback and ideas, so join us on Discord.

  • Grafbase CLI 0.13.0 has been released to include all of the above.