AccessProvider document definition

Field Name Field Type Definition and Requirements

Field Name	Field Type	Definition and Requirements
`name`	String	Unique name for the external identity provider (IdP). rhyme Can’t be `events`, `sets`, `self`, `documents`, or underscore (`_`) character and can’t include the percent (`%`) character.
`issuer`	String	Unique HTTPS URL for the IdP that is used to grant access to Fauna. The `issuer` is typically an account or application URL provided by the IdP.
`jwks_uri`	String	Valid HTTPS URI. This should be the JSON Web Key (JWK) that signs the JSON Web Token (JWT) from the IdP.
`roles`	Array of role names or role-predicate objects.	Defines the roles to evaluate for access by a provided JWT token. A role that grants access means that the query involving a JWT token is processed, even if another role might deny access. If `roles` is not configured, no privileges are defined, and queries with JWT tokens from the configured `issuer` cannot be processed. Typically, `roles` is a list of one or more role document names: `roles: [ 'developers', 'managers' ]` It is also possible to specify a role-predicate object that evaluates a `role` to evaluate using the `predicate` function: `"roles": [ { "role": "customers", "predicate": "_ => true" } ]` The `predicate` function is passed an object representing the `payload` field from the JWT token. The `payload` field includes claims, that are statements about the user represented by the JWT token. How these claims are defined or interpreted varies depending on the IdP. See https://jwt.io/introduction/ for background information and your IdP documentation for more details. The `predicate` function must return a boolean value. If the result is `true`, Fauna evaluates the `role` to grant or deny the access required to execute the query request in the accompanying JWT token.
`data`	Object	User-defined metadata for the provider. Use it to store provider-relevant information.
`audience`	String	(read-only) Unique URL for your database that should be used in the `audience` configuration for an identity provider. Fauna creates this field when you create a database.
`ts`	Long	Timestamp associated with document creation, with microsecond resolution.

name

Unique name for the external identity provider (IdP). rhyme

Can’t be events, sets, self, documents, or underscore (_) character and can’t include the percent (%) character.

issuer

String

Unique HTTPS URL for the IdP that is used to grant access to Fauna. The issuer is typically an account or application URL provided by the IdP.

jwks_uri

String

Valid HTTPS URI. This should be the JSON Web Key (JWK) that signs the JSON Web Token (JWT) from the IdP.

roles

Array of role names or role-predicate objects.

Defines the roles to evaluate for access by a provided JWT token.

A role that grants access means that the query involving a JWT token is processed, even if another role might deny access. If roles is not configured, no privileges are defined, and queries with JWT tokens from the configured issuer cannot be processed.

Typically, roles is a list of one or more role document names:

roles: [ 'developers', 'managers' ]

It is also possible to specify a role-predicate object that evaluates a role to evaluate using the predicate function:

"roles": [
   {
      "role": "customers",
      "predicate": "_ => true"
     }
 ]

The predicate function is passed an object representing the payload field from the JWT token. The payload field includes claims, that are statements about the user represented by the JWT token. How these claims are defined or interpreted varies depending on the IdP. See https://jwt.io/introduction/ for background information and your IdP documentation for more details.

The predicate function must return a boolean value. If the result is true, Fauna evaluates the role to grant or deny the access required to execute the query request in the accompanying JWT token.

data

Object

User-defined metadata for the provider. Use it to store provider-relevant information.

audience

String

(read-only) Unique URL for your database that should be used in the audience configuration for an identity provider. Fauna creates this field when you create a database.

ts

Long

Timestamp associated with document creation, with microsecond resolution.

Is this article helpful?

Tell Fauna how the article can be improved:
Visit Fauna's forums or email docs@fauna.com

Thank you for your feedback!

AccessProvider document definition

Keyboard shortcuts

While reading

While searching

URL fragments