-
Notifications
You must be signed in to change notification settings - Fork 249
Auth plugin question
#670
-
Hey,
in the docs for the Auth plugin, there is this code.
app.register(mercuriusAuth, { // Load the permissions into the context from the request headers authContext (context) { const permissions = context.reply.request.headers['x-user'] || '' return { permissions } },
What is meant by and how are the permissions added to the request headers?
Scott
Beta Was this translation helpful? Give feedback.
All reactions
Replies: 1 comment 1 reply
-
This is a good question. The way I usually implement this is by getting the information from a JWT token. I think a more comprehensive example/blog post/tutorial is in order.
Beta Was this translation helpful? Give feedback.
All reactions
1 reply
-
For sure. Hey, if you know the user permissions are going to be fairly extensive, would you still put them into the JWT? I'm planning to cache the permissions per user as they log in, because the permissions could get hefty, even per user.
Scott
Beta Was this translation helpful? Give feedback.
All reactions
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment