Auth plugin question #670

smolinari · 2021-11-27T19:54:15Z

smolinari
Nov 27, 2021

Hey,

in the docs for the Auth plugin, there is this code.

app.register(mercuriusAuth, {
  // Load the permissions into the context from the request headers
  authContext (context) {
    const permissions = context.reply.request.headers['x-user'] || ''
    return { permissions }
  },

What is meant by and how are the permissions added to the request headers?

Scott

mcollina · 2021-11-28T10:53:42Z

mcollina
Nov 28, 2021
Maintainer

This is a good question. The way I usually implement this is by getting the information from a JWT token. I think a more comprehensive example/blog post/tutorial is in order.

1 reply

smolinari Nov 28, 2021
Author

For sure. Hey, if you know the user permissions are going to be fairly extensive, would you still put them into the JWT? I'm planning to cache the permissions per user as they log in, because the permissions could get hefty, even per user.

Scott

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Auth plugin question #670

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Auth plugin question #670

smolinari Nov 27, 2021

Replies: 1 comment · 1 reply

mcollina Nov 28, 2021 Maintainer

smolinari Nov 28, 2021 Author

smolinari
Nov 27, 2021

Replies: 1 comment 1 reply

mcollina
Nov 28, 2021
Maintainer

smolinari Nov 28, 2021
Author