jwt claims_map #8653
-
|
I have the following configuration for claims_map.
This allows me to map the claims to the root of my token. This works well when I am running under the context of a user. However, when I run under the context of an application, there is no sub claim. Is there a way to map the sub claim if it is found, otherwise use the client_id claim? Here is an example of the token when run under the context of a user. Here is an example token when run under the context of the application.
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Conditionally mapping a single claim isn't possible. However, for your particular use case, we can suggest the following configuration: {
"claims_map": {
"x-hasura-default-role": { "path": "$$.x-hasura-default-role" },
"x-hasura-allowed-roles": { "path": "$$.x-hasura-allowed-roles" },
"x-hasura-user-id": { "path": "$$.sub", "default": "" },
"x-hasura-client-id": { "path": "$$.client_id", "default": "" }
}
}This configuration will allow you to parse auth tokens with or without To avoid issues in your permissions, you should define different roles, for example |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for this information. I can then use the x-hasura-user-id or x-hasura-client-id. |
Beta Was this translation helpful? Give feedback.
Conditionally mapping a single claim isn't possible.
However, for your particular use case, we can suggest the following configuration:
{ "claims_map": { "x-hasura-default-role": { "path": "$$.x-hasura-default-role" }, "x-hasura-allowed-roles": { "path": "$$.x-hasura-allowed-roles" }, "x-hasura-user-id": { "path": "$$.sub", "default": "" }, "x-hasura-client-id": { "path": "$$.client_id", "default": "" } } }This configuration will allow you to parse auth tokens with or without
client_idandsubclaims.When the claims are absent, they would default to empty strings.
To avoid issues in your permissions, you…