Injecting more claims into operations inputs

Question

Injecting more claims into operations inputs

Twathik opened this issue 3 years ago · 3 comments

hello

I was trying WG fro a while now, I'm using keycloak as open id server, in keycloak we can specify custom claims and roles

for now we can inject some claims into operations, this will be very useful if we can extend the list of the current claims that we can inject in operations to all claims provided by open id, or even custom one,

I dont know if this will be possible regarding typing in graphql schemas

for exp keycloak user_id, first_name, last_name etc ..

as for exp

authProviders.openIdConnect({
    id: "keycloak", // you have to choose this ID
    clientId: "client-id", // client ID from Auth0
    clientSecret: process.env.client_secret || "", // client secret from Auth0
    issuer: "http://keycloak.local/auth/realms/Realm",
    claims : ["email", "first_name", "last_name", "user_id", "roles" ... ]
  }),

this claims can be used by the code generators to be available in the custom directive

Answer 1 · 2022-03-20T09:12:36.000Z

Do you have an example Query where you'd use a role claim?

Answer 2 · 2022-03-20T10:43:09.000Z

mutation (
  $email: String! @fromClaim(name: EMAIL)
  $roles: String[] @fromClaims(name: ROLES)
  $userId: String!
  $name: String!
  $lastName: String!
  $firstName: String!
) {
  usersDb_createOneUser(
    data: {
      email: $email
      roles: $roles
      userId: $userId
      name: $name
      lastName: $lastName
      firstName: $firstName
    }
  ) {
    id
  }
}

To persiste roles into the database,

This is only relevant when introspecting databases, as it is possible to implement this on the microservice it self, or in the post auth hook

All things considered, with a little workaround we can manage to persiste anyway

Thx for the replay

Answer 3 · 2022-03-20T10:51:36.000Z

Is roles always an array of strings? What if not?