README
ΒΆ
Hasura Auth
Authentication for Hasura
Core Features
- π§βπ€βπ§ Users are stored in Postgres and accessed via GraphQL
- π Multiple sign-in methods.
- β¨ Integrates with GraphQL and Hasura Permissions
- π JWT tokens and Refresh Tokens.
- βοΈ Emails sent on various operations
- β Optional checking for Pwned Passwords.
Sign in methods
- Email and Password - simple email and password method.
- Email - also called passwordless email or magic link.
- SMS - also called passwordless sms.
- Anonymous - sign in users without any method. Anonymous users can be converted to regular users.
- OAuth providers: Facebook, Google, GitHub, Twitter, Apple, Azure AD, LinkedIn, Windows Live, Spotify, Strava, GitLab, BitBucket, Discord, WorkOS.
- Security keys with WebAuthn
Deploy Hasura Auth in Seconds
Use Nhost to start using Hasura Auth in seconds.
Using Docker-compose
git clone https://github.com/nhost/hasura-auth.git
cd hasura-auth/build/docker-compose
docker compose up
Building from Source
git clone https://github.com/nhost/hasura-auth.git
cd hasura-auth
go build -o hasura-auth main.go
./hasura-auth --help
Configuration
Read our configuration guide to customise the Hasura Auth settings.
Workflows
- Email and password
- Oauth social providers
- Passwordless with emails (magic links)
- Passwordless with SMS
- Anonymous users
- Change email
- Change password
- Reset password
- Refresh tokens
- Security keys with WebAuthn
JWT Signing
The JWT tokens can be signed with either a symmetric key based on HMAC-SHA or with asymmetric keys based on RSA. To configure the JWT signing method, set the environment variable HASURA_GRAPHQL_JWT_SECRET which should follow the same format as Hasura with a few considerations:
- Only
HSandRSalgorithms are supported. - If using
RSalgorithm, the public key should be in PEM format. - If using
RSalgorithm, the private key should be in PKCS#8 format inside an extra fieldsigning_key. - If using
RSalgorithm, an additional fieldkidcan be added to specify the key id in the JWK Set.
When using asymmetric keys, you can get the JWK Set from the endpoing .well-known/jwks.json.
Recipes
- Extending Hasura's permissions with Custom JWT claims
- Extending the user schema
Reference
- CLI options and configuration available in the CLI documentation.
- The service comes with an OpenAPI definition which you can also see online.
- Database Schema
Show your support
Give a βοΈ if this project helped you!
π License
This project is MIT licensed.
Documentation
ΒΆ
There is no documentation for this package.
Source Files
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
go
|
|
|
api
Package api provides primitives to interact with the openapi HTTP API.
|
Package api provides primitives to interact with the openapi HTTP API. |
|
controller/mock
Package mock is a generated GoMock package.
|
Package mock is a generated GoMock package. |
|
notifications
The contents of this files are modified libraris from the Go standard library.
|
The contents of this files are modified libraris from the Go standard library. |
Click to show internal directories.
Click to hide internal directories.