<h1 align="center">Hasura Auth</h1> <h2 align="center">Authentication for Hasura</h2> <p align="center"> <img src="https://img.shields.io/badge/version-2.2.1-blue.svg?cacheSeconds=2592000" /> <a href="LICENSE"> <img src="https://img.shields.io/badge/license-MIT-yellow.svg" alt="license: MIT" /> </a> <a href="https://commitizen.github.io/cz-cli"> <img src="https://img.shields.io/badge/commitizen-friendly-brightgreen.svg" alt="commitizen: friendly" /> </a> <a href="https://prettier.io"> <img src="https://img.shields.io/badge/code_style-prettier-ff69b4.svg" alt="code style: prettier" /> </a> <a href="https://github.com/nhost/hasura-auth/actions?query=workflow%Build+branch%3Amain+event%3Apush"> <img src="https://github.com/nhost/hasura-auth/workflows/Build/badge.svg?branch=main"/> </a> <a href="https://codecov.io/gh/nhost/hasura-auth/branch/main"> <img src="https://codecov.io/gh/nhost/hasura-auth/branch/main/graph/badge.svg" /> </a> </p>
Core Features
- 🧑🤝🧑 Users are stored in Postgres and accessed via GraphQL
- 🔑 Multiple sign-in methods.
- ✨ Integrates with GraphQL and Hasura Permissions
- 🔐 JWT tokens and Refresh Tokens.
- ✉️ Emails sent on various operations
- ✅ Optional checking for Pwned Passwords.
Sign in methods
- Email and Password - simple email and password method.
- Email - also called passwordless email or magic link.
- SMS - also called passwordless SMS.
- Anonymous - sign in users without any method. Anonymous users can be converted to regular users.
- OAuth providers: Facebook, Google, GitHub, Twitter, Apple, Azure AD, LinkedIn, Windows Live, Spotify, Strava, GitLab, BitBucket, Discord, WorkOS.
- Security keys with WebAuthn
Deploy Hasura Auth in Seconds
Use Nhost to start using Hasura Auth in seconds.
Using Docker-compose
```sh
git clone https://github.com/nhost/hasura-auth.git
cd hasura-auth
cp .env.example .env
docker-compose -f docker-compose-example.yaml up
```
Configuration
Read our configuration guide to customise the Hasura Auth settings.
Workflows
- Email and password
- OAuth social providers
- Passwordless with emails (magic links)
- Passwordless with SMS
- Anonymous users
- Change email
- Change password
- Reset password
- Refresh tokens
- Security keys with WebAuthn
JWT Signing
The JWT tokens can be signed with either a symmetric key based on `HMAC-SHA` or with asymmetric keys based on `RSA`. To configure the JWT signing method, set the environment variable `HASURA_GRAPHQL_JWT_SECRET`, which should follow the same format as Hasura with a few considerations:
- Only `HS` and `RS` algorithms are supported.
- If using `RS` algorithm, the public key should be in PEM format.
- If using `RS` algorithm, the private key should be in PKCS#8 format inside an extra field `signing_key`.
- If using `RS` algorithm, an additional field `kid` can be added to specify the key id in the JWK Set.

When using asymmetric keys, you can get the JWK Set from the endpoint `.well-known/jwks.json`.
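A pre-deployment check of a `HASURA_GRAPHQL_JWT_SECRET` value against the rules in this section, as an added example (not code from hasura-auth, and not its own validation logic). It assumes Hasura's `type` and `key` field names; `checkJwtSecret` and `sampleRsSecret` are hypothetical helper names, and the HMAC minimum key sizes come from RFC 7518, not from this page.

```javascript
const crypto = require("node:crypto");

// Minimum HMAC key sizes in bytes, per RFC 7518 section 3.2 (not stated on this page).
const HMAC_MIN_BYTES = { HS256: 32, HS384: 48, HS512: 64 };

// Returns a list of problems; an empty list means the value passes these checks.
function checkJwtSecret(raw) {
  let cfg = null;
  try { cfg = JSON.parse(raw); } catch { /* reported on the next line */ }
  if (cfg === null || typeof cfg !== "object") return ["value is not a JSON object"];
  const type = String(cfg.type);
  if (!/^(HS|RS)(256|384|512)$/.test(type)) return [`unsupported algorithm: ${type}`];
  if (typeof cfg.key !== "string") return ["field key is missing"];
  if (type.startsWith("HS")) {
    return Buffer.byteLength(cfg.key) < HMAC_MIN_BYTES[type]
      ? [`${type} key is shorter than ${HMAC_MIN_BYTES[type]} bytes`] : [];
  }
  const problems = [];
  let pub = null;
  if (cfg.key.includes("PRIVATE KEY")) {
    // createPublicKey() would silently derive a public key from private PEM, so check first.
    problems.push("key holds private key material; it must be the public key");
  } else {
    try { pub = crypto.createPublicKey(cfg.key); } catch { problems.push("key is not a PEM public key"); }
  }
  // PKCS#8 PEM starts with "BEGIN PRIVATE KEY"; PKCS#1 uses "BEGIN RSA PRIVATE KEY".
  if (typeof cfg.signing_key !== "string" ||
      !cfg.signing_key.includes("-----BEGIN PRIVATE KEY-----")) {
    problems.push("signing_key is not a PKCS#8 PEM private key");
  } else {
    try {
      const priv = crypto.createPrivateKey(cfg.signing_key);
      const derived = crypto.createPublicKey(priv).export({ type: "spki", format: "der" });
      if (pub && !derived.equals(pub.export({ type: "spki", format: "der" })))
        problems.push("key and signing_key are not a matching pair");
    } catch { problems.push("signing_key cannot be parsed"); }
  }
  if ("kid" in cfg && (typeof cfg.kid !== "string" || cfg.kid === ""))
    problems.push("kid must be a non-empty string");
  return problems;
}

// Constructed sample: a throwaway key pair, generated here only to exercise the checker.
function sampleRsSecret(privateType = "pkcs8") {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: privateType, format: "pem" },
  });
  return JSON.stringify({ type: "RS256", key: publicKey, signing_key: privateKey, kid: "sample-kid" });
}
```

Call `checkJwtSecret(process.env.HASURA_GRAPHQL_JWT_SECRET)` before starting the service; the matching-pair check catches a stale public key left in `key` after the private key was rotated.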
Recipes
- Extending Hasura's permissions with Custom JWT claims
- Extending the user schema
Reference
- List of the available environment variables.
- The service comes with an OpenAPI definition which you can also see online.
- Database Schema
🤝 Contributing
Contributions and issues are welcome. Please have a look at the developer's guide if you want to prepare a pull request.
Feel free to check the issues page.
Show your support
Give a ⭐️ if this project helped you!
📝 License
This project is MIT licensed.