Hello, I would like to migrate from Hasura+Firebase...
# off-topic
l
Hello, I would like to migrate from Hasura+Firebase auth to Supabase. I would like to migrate little by little, starting by deleting the Firebase auth system to use Supabase auth. But my Hasura server requires custom claims in the token in order to authorize requests, and I don't know how to enrich the custom claims of the JWT on Supabase... Has anyone managed to do this before?
b
This is a great question. Let me investigate this with our auth team.
I'll wait for more input from the team, but I found this thread interesting (parts of it are outdated but the last post may be of interest): https://github.com/supabase/supabase/discussions/1849#discussioncomment-2508935
l
Thanks, I will check that 🙂
b
There may be an easier way to do this now, I'll find out.
l
maybe with a pg trigger
b
No, triggers work on the database, but this is done at the jwt level.
You can write a function to make it easier to read the claim, like that thread shows:
```sql
-- Gets some custom claim from the request JWT
create or replace function auth.someclaim() returns uuid as $$
  select nullif(current_setting('request.jwt.claim.someclaim', true), '')::uuid;
$$ language sql stable;
```
but the jwt is passed as part of the http request
l
So I need an HTTP backend in order to add the custom claims to my token
b
Not necessarily
PostgREST is your API (HTTP backend) and it's already running
l
So I probably have to use the pgjwt extension to put in my claims the result of a SQL function that will give me the role of the user from my role table?
b
I'll have to see what the auth team recommends
What's the business use case here? Can you describe what you're trying to accomplish?
l
I have a table user__organization which makes the mapping between user + role and organization. In Hasura, when I call the API it reads the role in the JWT custom claims in order to allow / disallow some actions (insert, update, etc...). Currently I use a Firebase cloud function which helps me to do that, and I want to migrate the auth system (with OAuth) from Firebase to Supabase
The final goal is to migrate from Hasura to Supabase
b
You might be able to handle this in a simple PostgreSQL trigger function that checks the current user against the user_organization table before allowing certain actions.
Ok, you can create custom claims in supabase using a user's `app_metadata`. You would need a function to write this data to the user's record (and it would require the service token, since it's a server process). https://supabase.com/docs/reference/javascript/auth-api-updateuserbyid#updates-a-users-app_metadata
So you'd write the custom claims into the JSONB field `auth.users->'app_metadata'`
To read the data in that field, you could write a function like this:
```sql
CREATE OR REPLACE FUNCTION get_my_claims() RETURNS "jsonb"
    LANGUAGE "sql" STABLE
    AS $$
  select
      coalesce(nullif(current_setting('request.jwt.claims', true), '')::jsonb -> 'app_metadata', '{}'::jsonb)::jsonb
$$;
```
I'm working on this, if you want to give it a look: https://github.com/supabase-community/supabase-custom-claims