Universal Authentication and Authorization with AuthGuardian
AuthGuardian lets developers easily and visually describe the auth rules for their app, API, or service.
In just a few minutes, we can use it to:
- Set a user's username to their GitHub login
- Set a user's email to their Spotify email
- Set a user's Hasura role based on their GitHub organizations
- Set a user's Netlify role based on their Salesforce email domain
- Set a user's discount based on their GitHub commits to a repository
The generated JWTs (JSON Web Tokens) can be used with any service that accepts JWTs!
Check out our introductory video on AuthGuardian.
AuthGuardian Rules
At its core, AuthGuardian is a set of rules, each of which has two parts:
- Conditions: The guards for this rule, each of which must be true in order to pass.
- Effects: The changes to make to the token
We can read each rule as a sentence:
Rule 1: Has this user contributed a pull request to the OneGraph organization on GitHub? If so, then set the `user.discount` property to `0.1` AND set their `user.id` to the built-in value of `GITHUB_USER_ID`.
Rule 2: Is this user logged into Spotify? If so, then set the `user.email` property to the built-in value of `SPOTIFY_EMAIL`.
Whenever a user logs into any service, all of these rules run, and every rule whose conditions all hold has its effects added to the JWT; a rule whose conditions fail contributes nothing.
If the user has contributed a pull request to any OneGraph repository on GitHub, and they're logged into Spotify, then the generated token would be:
```json
{
  "iss": "OneGraph",
  "aud": "https://serve.onegraph.com/dashboard/app/00000000-0000-0000-0000-000000000000",
  "iat": 1577836459,
  "exp": 1577922859,
  "user": {
    "id": 42,
    "email": "ilovespotify@gmail.com",
    "discount": 0.1
  }
}
```
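The rule semantics described above, together with the checks a service consuming the token should perform, as an added Python model (illustration written for this page, not OneGraph's or AuthGuardian's own code). The login-context shape, the mapping of built-in values such as `GITHUB_USER_ID`, the HS256 signing and the demo secret are assumptions; the page documents neither AuthGuardian's condition inputs nor its signing key. The model reproduces the example token (same `iss`, `aud`, `iat`, `exp` and `user` object) and then verifies it the way a downstream API should: pinned algorithm, constant-time signature comparison, and `iss`, `aud` and `exp` checks before any `user.discount` or role claim is trusted.

```python
import base64
import hashlib
import hmac
import json

# Constructed login context for one user, in the shape this demo assumes
# (the page does not document AuthGuardian's real condition inputs).
SAMPLE_CONTEXT = {
    "github": {"user_id": 42, "pr_orgs": {"OneGraph"}},
    "spotify": {"email": "ilovespotify@gmail.com"},
}

# Built-in values, resolved from the login context (assumed mapping).
BUILTINS = {
    "GITHUB_USER_ID": lambda ctx: ctx["github"]["user_id"],
    "SPOTIFY_EMAIL": lambda ctx: ctx["spotify"]["email"],
}

# The two rules from the page: every condition must hold for a rule to pass;
# each effect is (dotted claim path, literal value or built-in name).
RULES = [
    {   # Rule 1: contributed a pull request to the OneGraph organization on GitHub?
        "conditions": [lambda ctx: "OneGraph" in ctx.get("github", {}).get("pr_orgs", ())],
        "effects": [("user.discount", 0.1), ("user.id", "GITHUB_USER_ID")],
    },
    {   # Rule 2: logged into Spotify?
        "conditions": [lambda ctx: "spotify" in ctx],
        "effects": [("user.email", "SPOTIFY_EMAIL")],
    },
]

def set_path(obj, dotted, value):
    # 'user.discount' -> obj['user']['discount'], creating nested dicts as needed
    keys = dotted.split(".")
    for key in keys[:-1]:
        obj = obj.setdefault(key, {})
    obj[keys[-1]] = value

def evaluate_rules(rules, ctx):
    # Rules run independently; only a rule whose conditions ALL hold adds its effects.
    claims = {}
    for rule in rules:
        if all(cond(ctx) for cond in rule["conditions"]):
            for path, value in rule["effects"]:
                if isinstance(value, str) and value in BUILTINS:
                    value = BUILTINS[value](ctx)
                set_path(claims, path, value)
    return claims

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(claims, secret, issuer, audience, now, ttl=86400):
    # Wrap the rule output in a JWT; HS256 with a shared secret is an assumption of this demo.
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": issuer, "aud": audience, "iat": now, "exp": now + ttl, **claims}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_token(token, secret, issuer, audience, now):
    # What a consuming service must check before trusting user.*; raises ValueError on failure.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    if json.loads(b64url_decode(h64)).get("alg") != "HS256":  # pin the alg; never let the token choose
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:  # a token minted for another app must be refused
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def is_rejected(token, secret, issuer, audience, now):
    # True if verify_token refuses the token (used for the negative cases)
    try:
        verify_token(token, secret, issuer, audience, now)
    except ValueError:
        return True
    return False

SECRET = b"demo-secret-not-a-real-key"  # constructed; the real signing key is not on this page
ISSUER = "OneGraph"
AUDIENCE = "https://serve.onegraph.com/dashboard/app/00000000-0000-0000-0000-000000000000"

if __name__ == "__main__":
    token = mint_token(evaluate_rules(RULES, SAMPLE_CONTEXT), SECRET, ISSUER, AUDIENCE, now=1577836459)
    print(json.dumps(verify_token(token, SECRET, ISSUER, AUDIENCE, now=1577836460), indent=2))
```

Running the file prints the verified claims for the sample user. The negative cases worth keeping in mind on the consuming side: a token signed with a different key, a token minted for a different app (different `aud`), and a token past `exp` are all refused, and a service that skips the `aud` check would accept tokens issued for any other app under the same issuer.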
Activating AuthGuardian
Once you've configured your rules, simply save them. You'll be prompted to activate them, and you're finished!
From now on, any user who logs into your application via onegraph-auth will have a token that follows all the rules you've declared.