graphql-engine/community/boilerplates/auth-webhooks/python-flask
2018-10-12 17:06:21 +05:30
..
auth-webhook.py add auth-webhook boilerplate in python-flask (#714) 2018-10-12 17:06:21 +05:30
Dockerfile add auth-webhook boilerplate in python-flask (#714) 2018-10-12 17:06:21 +05:30
README.md add auth-webhook boilerplate in python-flask (#714) 2018-10-12 17:06:21 +05:30
requirements.txt add auth-webhook boilerplate in python-flask (#714) 2018-10-12 17:06:21 +05:30

Auth webhook using python-flask

A boilerplate authentication webhook for Hasura GraphQL Engine written in Python using Flask.

Run the webhook

Clone the repo

git clone https://github.com/hasura/graphql-engine
cd graphql-engine/community/boilerplates/auth-webhooks/python-flask

Run the webhook using any of the tree methods below:

Run locally

pip install -r requirements.txt
export FLASK_APP=auth-webhook.py
flask run

Webhook will be available at http://localhost:5000/auth-webhook

Using Docker

docker build -t hasura-auth-webhook .
docker run -p 5000:5000 hasura-auth-webhook

Webhook will be available at http://localhost:5000/auth-webhook

Deploy using Now

Install and configure now:

npm install -g now
now login

Deploy the webhook:

now

Webhook will be available at a url like https://python-flask-lrnfqprjcc.now.sh

Configure Hasura

Configure Hasura with the webhook url. You will need to set an access key to enable webhook.

When running Hasura as a docker container, localhost will point to the container itself, not the host machine. So, if you're running the webhook locally or as a container (not on a public url), you'll need to:

  1. Use docker network and keep Hasura and the webhook container in the same network so that webhook url will become http://container-id:5000/auth-webhook
  2. Linux: Bind both containers on host network (use --net=host with docker run) so that localhost will be the host's network itself. Here, webhook url will be http://localhost:5000/auth-webhook
  3. Mac: If webhook is running on the host, url will be http://host.docker.internal:5000/auth-webhook

Set the following environment variables for Hasura:

HASURA_GRAPHQL_ACCESS_KEY=mysecretaccesskey
HASURA_GRAPHQL_AUTH_WEBHOOK=http://localhost:5000/auth-webhook

All queries will be now validated through the webhook.

Read more on authentication and access control.