Skip to content

nhost/hasura-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Hasura Auth

Authentication for Hasura

license: MIT commitizen: friendly code style: prettier

Core Features

  • πŸ§‘β€πŸ€β€πŸ§‘ Users are stored in Postgres and accessed via GraphQL
  • πŸ”‘ Multiple sign-in methods.
  • ✨ Integrates with GraphQL and Hasura Permissions
  • πŸ” JWT tokens and Refresh Tokens.
  • βœ‰οΈ Emails sent on various operations
  • βœ… Optional checking for Pwned Passwords.

Sign in methods

  • Email and Password - simple email and password method.
  • Email - also called passwordless email or magic link.
  • SMS - also called passwordless sms.
  • Anonymous - sign in users without any method. Anonymous users can be converted to regular users.
  • OAuth providers: Facebook, Google, GitHub, Twitter, Apple, Azure AD, LinkedIn, Windows Live, Spotify, Strava, GitLab, BitBucket, Discord, WorkOS.
  • Security keys with WebAuthn

Deploy Hasura Auth in Seconds

Use Nhost to start using Hasura Auth in seconds.

Using Docker-compose

git clone https://github.com/nhost/hasura-auth.git
cd hasura-auth
cp .env.example .env
docker-compose -f docker-compose-example.yaml up

Configuration

Read our configuration guide to customise the Hasura Auth settings.

Workflows

JWT Signing

The JWT tokens can be signed with either a symmetric key based on HMAC-SHA or with asymmetric keys based on RSA. To configure the JWT signing method, set the environment variable HASURA_GRAPHQL_JWT_SECRET which should follow the same format as Hasura with a few considerations:

  1. Only HS and RS algorithms are supported.
  2. If using RS algorithm, the public key should be in PEM format.
  3. If using RS algorithm, the private key should be in PKCS#8 format inside an extra field signing_key.
  4. If using RS algorithm, an additional field kid can be added to specify the key id in the JWK Set.

When using asymmetric keys, you can get the JWK Set from the endpoing .well-known/jwks.json.

Recipes

Reference

🀝 Contributing

Contributions and issues are welcome. Please have a look at the developer's guide if you want to prepare a pull request.

Feel free to check the issues page.

Show your support

Give a ⭐️ if this project helped you!

πŸ“ License

This project is MIT licensed.