AccessProvider
Learn: Access providers
We recommend you use FSL to create and update access providers. See FSL access provider schema.
An access provider registers an external identity provider (IdP), such as Auth0, in your Fauna database.
Once set up, the IdP can issue JSON Web Tokens (JWTs) that act as Fauna authentication secrets. This lets your application’s end users use the IdP for authentication.
AccessProvider collection
Fauna stores access providers as documents in the AccessProvider system collection. These documents are an FQL version of the FSL access provider schema.
AccessProvider documents have the following FQL structure:
{
  name: "someIssuer",
  coll: AccessProvider,
  ts: Time("2099-09-06T21:46:50.272Z"),
  roles: [
    "customer",
    {
      role: "manager",
      predicate: "(jwt) => jwt!.scope.includes(\"manager\")"
    }
  ],
  jwks_uri: "https://example.com/.well-known/jwks.json",
  audience: "https://db.fauna.com/db/ysij4khxoynr4",
  data: {
    desc: "Access provider for issuer"
  },
  issuer: "https://example.com/"
}
Field | Type | Read-only | Required | Description |
---|---|---|---|---|
name | | | true | Unique name for the access provider in the database. Must begin with a letter. Can only include letters, numbers, and underscores. |
coll | | true | | The document’s collection. For access providers, this value is |
ts | | true | | Document last changed timestamp. Updated only on document write. |
issuer | | | true | Issuer for the IdP’s JWTs. Must match the |
jwks_uri | | | true | URI that points to public JSON web key sets (JWKS) for JWTs issued by the IdP. Fauna uses the keys to verify each JWT’s signature. |
roles | | | | User-defined roles assigned to JWTs issued by the IdP. Can’t be built-in roles. A |
audience | | true | | Globally unique URL for the Fauna database. Must match the |
data | | | | Arbitrary user-defined metadata for the provider. |
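The following is an added example, not part of Fauna's documentation or code: a Python audit of one AccessProvider document (held as a dict) against the naming and role rules described above. The built-in role names and the https check on jwks_uri are assumptions, and a role listed without a predicate is flagged because every JWT the IdP issues receives it.

```python
import re

# Assumption: names of Fauna's built-in roles (the page only says they are not allowed).
BUILT_IN_ROLES = {"admin", "server", "server-readonly"}
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")  # naming rule from the field table


def audit_access_provider(doc):
    """Return least-privilege and hygiene findings for one AccessProvider document."""
    findings = []
    name = doc.get("name", "")
    if not NAME_RE.match(name):
        findings.append(f"invalid name: {name!r}")
    # Added hygiene check, not a rule stated on the page: the JWKS supplies the
    # signature-verification keys, so it should be fetched over TLS.
    if not str(doc.get("jwks_uri", "")).startswith("https://"):
        findings.append("jwks_uri is not an https:// URL")
    roles = doc.get("roles") or []
    if isinstance(roles, (str, dict)):  # tolerate a single role entry
        roles = [roles]
    for entry in roles:
        if isinstance(entry, str):
            role, predicate = entry, None
        else:
            role, predicate = entry.get("role"), entry.get("predicate")
        if role in BUILT_IN_ROLES:
            findings.append(f"built-in role not allowed: {role}")
        elif not predicate:
            # No predicate: every JWT the IdP issues receives this role.
            findings.append(f"unconditional role: {role}")
    return findings


# Constructed sample mirroring the structure shown above.
SAMPLE = {
    "name": "someIssuer",
    "issuer": "https://example.com/",
    "jwks_uri": "https://example.com/.well-known/jwks.json",
    "roles": [
        "customer",
        {"role": "manager", "predicate": '(jwt) => jwt!.scope.includes("manager")'},
    ],
}

if __name__ == "__main__":
    for finding in audit_access_provider(SAMPLE):
        print(finding)
```
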
Static methods
You can use the following static methods to manage the AccessProvider collection in FQL.
Method | Description |
---|---|
| Get a Set of all access providers. |
| Get an access provider by its name. |
| Create an access provider. |
| Get the first access provider matching a provided predicate. |
| Get |
| Get a Set of access providers that match a provided predicate. |
Instance methods
You can use the following instance methods to manage specific AccessProvider documents in FQL.
Method | Description |
---|---|
| Delete an access provider. |
| Test if an access provider exists. |
| Replace an access provider. |
| Update an access provider. |