Dynamically set X-Hasura-role in the claim with Firebase

Question

I'm using Hasura as my backend and Google's Firebase for auth in a React app. I have the following roles and constructs:

Manager - these are my paying customers. They can own 1 or more Team.
Employee - these are just normal users. They must be invited to be part of a Team by a Manager via email

Both Manager and Employee can sign in / sign up using their Google account or their own email/password.

I have the GraphQL models all set up with the correct relationship and everything. The only thing I can't figure out is how to set the x-hasura-role in Firebase function's hook.

How do I put business logic in this snippet? (i.e. how do I distinguish the Manager from the Employee role)

exports.processSignUp = functions.auth.user().onCreate(user => {
    const customClaims = {
        "https://hasura.io/jwt/claims": {
            "x-hasura-default-role": "manager",
            "x-hasura-allowed-roles": ["manager"], // ????????? how to check "employee"?
            "x-hasura-user-id": user.uid
        }
    };

    ...
})

Before adding the claims to the user you will need to query back Hasura and check if the email that was created has an invitation on it. IMO, this would be best if you created an Action or a Remote Schema to add the user, instead of using the onCreate webhook from Firebase. — Leonardo Alves, Jun 02 '20 at 13:32

Dynamically set X-Hasura-role in the claim with Firebase

0 Answers0