billllll | 1 year ago

Am I missing something or is step 3 missing some steps to validate the JWT and define the current_user_id() function?

Taking a look at the docs here:

https://postgrest.org/en/v12/references/auth.html

https://postgrest.org/en/v12/explanations/db_authz.html

It doesn't seem like current_user_id() is a provided function, and the docs claim nothing else is done with the JWT except validating it. It looks like your claim already includes user_id, so you'd have to get it from the claim using:

    current_setting('request.jwt.claims', true)::json->>'user_id';

Not sure if I'm missing something.
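
The helper this comment says is missing could look like the following. This is an added example, not code from the tutorial or from PostgREST; it assumes the token carries a `user_id` claim as the comment describes, and `public.notes` with its columns is a hypothetical table.

```sql
-- Added example (not the tutorial's code). Assumes a "user_id" claim in the
-- JWT; the table public.notes and its columns are hypothetical.

CREATE OR REPLACE FUNCTION public.current_user_id()
RETURNS text
LANGUAGE sql
STABLE
AS $$
  -- missing_ok = true returns NULL instead of raising when the setting was
  -- never defined. A custom setting that was set earlier in the same session
  -- can read back as '', so NULLIF keeps the ::json cast from failing on it.
  SELECT NULLIF(current_setting('request.jwt.claims', true), '')::json ->> 'user_id'
$$;

CREATE TABLE public.notes (
  id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  owner_id text   NOT NULL DEFAULT public.current_user_id(),
  body     text   NOT NULL
);

-- Row level security is not enforced for the table owner or superusers
-- unless FORCE ROW LEVEL SECURITY is also set, so the role used for API
-- requests should be a separate, unprivileged role.
ALTER TABLE public.notes ENABLE ROW LEVEL SECURITY;

-- With no claim present the helper returns NULL, the comparison evaluates to
-- NULL, and the policy denies the row: the check fails closed.
CREATE POLICY notes_owner ON public.notes
  USING      (owner_id = public.current_user_id())
  WITH CHECK (owner_id = public.current_user_id());

-- Manual check from psql, using a constructed claim set placed in a
-- transaction-local setting of the same name the comment reads from.
BEGIN;
SELECT set_config('request.jwt.claims',
                  '{"role": "example_role", "user_id": "42"}',  -- constructed
                  true);
SELECT public.current_user_id();
ROLLBACK;
```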

cryptonector|1 year ago

I really didn't understand what the tutorial is doing with JWT. BTW, PostgREST supports JWT for authentication, so there's nothing to do here unless this application is a sort of JWT issuer (but I really didn't get that sense at all).

radimm|1 year ago

Yes, the application issues its own JWT tokens - specifically in `public.create_jwt`

radimm|1 year ago

Author here - you are absolutely correct. Damn, during the last proof-reading one function got lost. Will fix it ASAP.