Hanzo
PlatformHanzo IAMIntegrationsHaskell

Hasura

Deploy Hanzo IAM first (see Server installation). Then configure the application and Hasura as below.

Configure Hanzo IAM application

  1. Create or use an existing Hanzo IAM application.
  2. Add a redirect URL: http://IAM_HOSTNAME/login Hanzo IAM Application Setting
  3. Copy the client ID; we will need it in the following steps.

Add a user in Hanzo IAM

Create a user and assign a role to the application.

Go to UsersAdd user to open the new-user page.

Picture showing the users page

Save the user after adding a username and adding the organization Hasura (other details are optional).

Set a password via "Manage your password".

Choose a password for your user and confirm it.

Build the Hasura App

Start the Hasura by Docker or Hasura Cloud.

Now create a users table with the following columns:

  • id of type Text (Primary Key)
  • username of type Text

Refer to the image below for reference.

Picture showing how to create a table in Hasura

The next step is to create a user role for the app. Users should be able to see only their records but not other people's records.

Configure the user role as shown in the image below. For more information, read about configuring permission rules in Hasura.

Picture showing how to set permissions in Hasura

This way, users cannot read other people's records. They can only access theirs.

For testing purposes, add a dummy user. This is to ensure that when you use the JWT token, you only see your user's details and not other users' details.

Picture showing how to add a table record in Hasura

Set JWT_SECRET in Hasura.

Configure Hasura with Hanzo IAM

Add HASURA_GRAPHQL_JWT_SECRET to Hasura.

To do so, go to the Hasura docker-compose.yaml and then add the new HASURA_GRAPHQL_JWT_SECRET as below.

The HASURA_GRAPHQL_JWT_SECRET should be in the following format. Remember to change <Hanzo IAM endpoint> to your own Hanzo IAM's URL (like https://iam.hanzo.ai)

HASURA_GRAPHQL_JWT_SECRET: '{"claims_map": {
      "x-hasura-allowed-roles": {"path": "$.roles"},
      "x-hasura-default-role": {"path": "$.roles[0]"},
      "x-hasura-user-id": {"path": "$.id"}
    },"jwk_url":"<Hanzo IAM endpoint>/.well-known/jwks"}'

Save the change and reload the docker.

![Add Clerk JWT URL to Hasura](/img/integration/Haskell/Hasura/JWT.png)

## Retrieve the JWT Token

With no client implementation, obtain an access token by calling:

```url
http://localhost:8000/oauth/authorize?client_id=<client ID>&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&scope=read&state=app-built-in<public certificate>>

Change `client ID` to the ID you copied before and input the public certificate of Hanzo IAM, from the Hanzo IAM **Certs** page.

Then input the username and password you created for Hasura before.

Click "Sign in"

![Retrieve the JWT Token](/img/integration/Haskell/Hasura/login.png)

Go back to the Hanzo IAM/Token page.

![Token Page](/img/integration/Haskell/Hasura/tokens.png)

Find the Username you input before, then click "edit"

Copy the Access Token

![Access Token](/img/integration/Haskell/Hasura/access.png)

Use the access token for authenticated requests; Hasura returns the matching user instead of all users.

![Picture showing the access token from Hanzo IAM being used in Hasura](/img/integration/Haskell/Hasura/hasura.png)

How is this guide?

Last updated on

APISIX

Using Hanzo IAM in APISIX

Overview

Sync users from external systems (databases, Azure AD, Keycloak, etc.) into Hanzo IAM.

On this page

Configure Hanzo IAM application
Add a user in Hanzo IAM
Build the Hasura App
Configure Hasura with Hanzo IAM