FSL access provider schema
This page covers the FSL syntax for access provider schemas. For an overview of access providers, see Access providers.
An FSL access provider schema defines an access provider. An access provider registers an external identity provider (IdP), such as Auth0, in your Fauna database.
access provider someIssuer {
  issuer "https://example.com/"
  jwks_uri "https://example.com/.well-known/jwks.json"
  role customer
}
Once set up, the IdP can issue JSON Web Tokens (JWTs) that act as Fauna authentication secrets. This lets your application’s end users use the IdP for authentication.
You can use the Fauna Dashboard or the Fauna CLI to push schema changes to Fauna. Fauna stores each access provider schema as an FQL document in the AccessProvider system collection.
FSL syntax
access provider <accessProvider> {
  issuer "<issuer>"
  jwks_uri "<jwksUri>"
  [role <role> [{
    predicate <predicateFunction>
  }] . . .]
}
Name
- access provider (Required): Unique name for the access provider in the database. Must begin with a letter. Can only include letters, numbers, and underscores.
Properties
Property | Required | Description |
---|---|---|
issuer | Yes | Issuer for the IdP’s JWTs. Must match the The issuer URL. This tells Fauna which IdP is permitted to send a JWT to authorize a query to be executed. |
jwks_uri | Yes | URI that points to public JSON web key sets (JWKS) for JWTs issued by the IdP. Fauna uses the keys to verify each JWT’s signature. |
role | | User-defined role assigned to JWTs issued by the IdP. Can’t be a built-in role. An access provider can have multiple Each The predicate function is passed one argument: an object containing the JWT’s payload. The predicate function does not support shorthand syntax. |
Examples
access provider someIssuer {
  issuer "https://example.com/"
  jwks_uri "https://example.com/.well-known/jwks.json"
  role customer
  role manager {
    predicate (jwt => jwt!.scope.includes("manager"))
  }
}
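The gating that `issuer`, `role` and `predicate` describe, modeled locally in JavaScript as an added example (not Fauna's code and not part of the original page). It assumes a decoded payload with an `iss` claim and a `scope` that is an array or a space-delimited string; `rolesFor` and `hasScope` are hypothetical helper names, and signature verification against `jwks_uri` is left out.

```javascript
// Added example: a local model of the access provider shown above.
// Not Fauna's implementation; signature verification (which Fauna does
// with the keys at jwks_uri) is out of scope here.
const provider = {
  issuer: "https://example.com/",
  roles: [
    { name: "customer" }, // no predicate: applies to every accepted JWT
    { name: "manager", predicate: (jwt) => hasScope(jwt, "manager") },
  ],
};

// Assumption: `scope` is an array or a space-delimited string.
// Splitting into tokens first avoids substring hits such as
// "manager_reports" satisfying a check for "manager".
function hasScope(jwt, wanted) {
  const scope = jwt.scope;
  const tokens = Array.isArray(scope) ? scope
    : typeof scope === "string" ? scope.split(" ").filter(Boolean)
    : [];
  return tokens.includes(wanted);
}

// Returns the role names a decoded payload maps to in this model.
function rolesFor(provider, jwt) {
  // Exact string comparison: a missing trailing slash is a mismatch.
  if (!jwt || jwt.iss !== provider.issuer) return [];
  return provider.roles
    .filter((r) => !r.predicate || r.predicate(jwt) === true)
    .map((r) => r.name);
}

// Constructed sample payloads (not real tokens).
const samples = {
  manager: { iss: "https://example.com/", scope: "read manager" },
  customerOnly: { iss: "https://example.com/", scope: "read" },
  lookalike: { iss: "https://example.com/", scope: "read manager_reports" },
  noSlash: { iss: "https://example.com", scope: "manager" },
  noScope: { iss: "https://example.com/" },
};

for (const [label, jwt] of Object.entries(samples)) {
  console.log(label, "->", JSON.stringify(rolesFor(provider, jwt)));
}
```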