Check out v4 of the Fauna CLI
v4 of the Fauna CLI is now in beta. The new version introduces enhancements to the developer experience, including an improved authentication workflow. To get started, check out the CLI v4 quick start. |
FSL access provider schema
Learn: Access providers |
---|
This page covers the FSL syntax for access provider schemas. For an overview of access providers, see Access providers. |
An FSL access provider schema defines an access provider. An access provider registers an external identity provider (IdP), such as Auth0, in your Fauna database.
access provider someIssuer {
issuer "https://example.com/"
jwks_uri "https://example.com/.well-known/jwks.json"
role customer
}
Once set up, the IdP can issue JSON Web Tokens (JWTs) that act as Fauna authentication secrets. This lets your application’s end users use the IdP for authentication.
You can create and manage schema using any of the following:
-
The Fauna CLI
-
The Fauna Dashboard
-
The Fauna Core HTTP API’s Schema endpoints
Fauna stores each access provider schema as an FQL document in the
AccessProvider
system
collection.
FSL syntax
access provider <accessProvider> {
issuer "<issuer>"
jwks_uri "<jwksUri>"
[role <role> [{
predicate <predicateFunction>
}] . . .]
}
Name
- access provider Required
-
Unique name for the access provider in the database.
Must begin with a letter. Can only include letters, numbers, and underscores.
Properties
Property | Required | Description |
---|---|---|
issuer |
Yes |
Issuer for the IdP’s JWTs. Must match the The issuer URL. This tells Fauna which IdP is permitted to send a JWT to authorize a query to be executed. |
jwks_uri |
Yes |
URI that points to public JSON web key sets (JWKS) for JWTs issued by the IdP. Fauna uses the keys to verify each JWT’s signature. |
role |
User-defined role assigned to JWTs issued by the IdP. Can’t be a built-in role. An access provider can have multiple Each The predicate function is passed one argument: an object containing the JWT’s payload. The predicate function does not support shorthand syntax. |
Examples
access provider someIssuer {
issuer "https://example.com/"
jwks_uri "https://example.com/.well-known/jwks.json"
role customer
role manager {
predicate (jwt => jwt!.scope.includes("manager"))
}
}
Is this article helpful?
Tell Fauna how the article can be improved:
Visit Fauna's forums
or email docs@fauna.com
Thank you for your feedback!