Setup Auth0 Authentication in Hasura

Helpful Snippets

Here are some of the text resources to help follow along in the video.

The docker-compose.yaml to spin up Hasura. Just make sure you are replacing the [YOUR_DOMAIN] with the domain from Auth0.

version: "3.6"
services:
  postgres:
    image: postgres:12
    restart: always
    volumes:
      - db_data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: postgrespassword
  graphql-engine:
    image: hasura/graphql-engine:v2.0.1
    ports:
      - "8080:8080"
    depends_on:
      - "postgres"
    restart: always
    environment:
      HASURA_GRAPHQL_METADATA_DATABASE_URL: postgres://postgres:postgrespassword@postgres:5432/postgres
      DATABASE_URL: postgres://postgres:postgrespassword@postgres:5432/postgres
      HASURA_GRAPHQL_ENABLE_CONSOLE: "true" # set to "false" to disable console
      HASURA_GRAPHQL_DEV_MODE: "true"
      HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup, http-log, webhook-log, websocket-log, query-log
      HASURA_GRAPHQL_ADMIN_SECRET: admin_secret
      HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256","jwk_url": "https://[YOUR_DOMAIN].us.auth0.com/.well-known/jwks.json"}'
volumes:
  db_data:

The action flow code.

exports.onExecutePostLogin = async (event, api) => {
  const allowedRoles = (event.authorization && event.authorization.roles) || [];

  if (allowedRoles.length && event.user.email_verified) {
    api.idToken.setCustomClaim("https://hasura.io/jwt/claims", {
      "x-hasura-default-role": allowedRoles[0],
      "x-hasura-allowed-roles": allowedRoles,
      "x-hasura-user-id": event.user.user_id,
    });
  } else {
    api.access.deny("Email not verified");
  }
};

Finally the URL to test your Auth0 login to generate a token.

https://[YOUR_DOMAIN].us.auth0.com/authorize?response_type=id_token&redirect_uri=http://localhost:3000&client_id=[CLIENT_ID]&nonce=123