hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-15 17:31:56 +03:00
Code Issues Projects Releases Wiki Activity
c753426934
graphql-engine/docs/graphql/manual/auth/config.rst.wip
nizar-m f83a8e591f rename access-key to admin-secret (close #1347) (#1540) 
Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret.

Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 15:07:47 +05:30

66 lines
2.5 KiB
Plaintext
Raw Blame History

Authorization modes
===================
You can run Hasura's GraphQL Engine in three modes:
1. No Authentication mode
^^^^^^^^^^^^^^^^^^^^^^^^^
- When ``--admin-secret`` and ``--auth-hook`` are not set
- It is useful when you're developing . It is not recommended to use in production but however you can have proxy gateway that will set (``X-Hasura-Admin-Secret``) header and other required ``X-Hasura-*`` headers.
Run server in this mode using following docker command.
.. code-block:: bash
docker run --name hasura-graphql-engine -p 9000:9000 \
--link hasura-postgres:postgres \
-d hasura/graphql-engine:latest graphql-engine \
--database-url \
postgres://postgres:mysecretpassword@postgres:5432/postgres \
serve --server-port 9000 --cors-domain "*"
2. Admin secret mode
^^^^^^^^^^^^^^^^^^^^
- When only ``--admin-secret`` is set. See :doc:`GraphQL Server Options <../deployment/options>`
- Server authenticates based on ``X-Hasura-Admin-Secret`` header and expects all other required ``X-Hasura-*`` headers.
Run server in this mode using following docker command.
.. code-block:: bash
docker run --name hasura-graphql-engine -p 9000:9000 \
--link hasura-postgres:postgres \
-d hasura/graphql-engine:latest graphql-engine \
--database-url \
postgres://postgres:mysecretpassword@postgres:5432/postgres \
serve --server-port 9000 --admin-secret myAdminSecretKey \
--cors-domain "*"
3. Admin secret key and Authorization webhook mode
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- When both ``--admin-secret`` and ``--auth-hook`` are set
- This mode is useful in production. When server founds ``X-Hasura-Admin-Secret`` header it ignores webhook and expects all other required ``X-Hasura*`` headers
- If ``X-Hasura-Admin-Secret`` header not found then server authenticaters through webhook. See :doc:`Authorization
Webhook <webhook>`
Run server in this mode using following docker command.
.. code-block:: bash
docker run --name hasura-graphql-engine -p 9000:9000 \
--link hasura-postgres:postgres \
-d hasura/graphql-engine:latest graphql-engine \
--database-url \
postgres://postgres:mysecretpassword@postgres:5432/postgres \
serve --server-port 9000 --admin-secret myAdminSecretKey \
--auth-hook http://myAuthhook/ --cors-domain "*"
Reference in New Issue View Git Blame Copy Permalink