Access provider schema
Learn: Access providers
Defines an access provider.
An access provider registers an external identity provider (IdP) or JSON Web Token (JWT) issuer, such as Auth0, in your Fauna database.
Once set up, the IdP can issue JWTs that act as Fauna authentication secrets. This lets your application’s end users use the IdP for authentication.
access provider someIssuer {
  issuer "https://example.com/"
  jwks_uri "https://example.com/.well-known/jwks.json"
  role customer
}
Syntax
access provider <accessProvider> {
  issuer "<issuer>"
  jwks_uri "<jwksUri>"
  [role <role> [{
    predicate <predicateFunction>
  }] . . .]
}
Name
- access provider Required
  Unique name for the access provider in the database. Must begin with a letter. Can only include letters, numbers, and underscores.
Properties
Property | Required | Description |
---|---|---|
issuer | Yes | Issuer for the IdP’s JWTs. Must match the The issuer URL. This tells Fauna which IdP is permitted to send a JWT to authorize a query to be executed. |
jwks_uri | Yes | URI that points to public JSON web key sets (JWKS) for JWTs issued by the IdP. Fauna uses the keys to verify each JWT’s signature. |
role | | User-defined role assigned to JWTs issued by the IdP. Can’t be a built-in role. An access provider can have multiple Each The predicate function is passed one argument: an object containing the JWT’s payload. The predicate function does not support shorthand syntax. |
Examples
access provider someIssuer {
  issuer "https://example.com/"
  jwks_uri "https://example.com/.well-known/jwks.json"
  role customer
  role manager {
    predicate (jwt => jwt!.scope.includes("manager"))
  }
}
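The role predicates in the example above can be exercised against sample JWT payloads before the schema is deployed. The JavaScript below is an added example, not Fauna's code or part of the original page: `scopeTokens`, `strictPredicate`, `rolesFor`, `compare` and the payloads are hypothetical names and constructed data. It assumes `includes` matches substrings on a string claim and whole elements on an array claim, and that a role without a predicate always applies.

```javascript
// Added example, not Fauna code: a JavaScript model of the page's role predicates.
// Assumption: includes() here behaves like the predicate's includes(), matching
// substrings on a string claim and whole elements on an array claim.

// The predicate from the page's example, transcribed.
const pagePredicate = (jwt) => jwt.scope.includes("manager");

// Hypothetical stricter variant: compare whole scope tokens only.
function scopeTokens(jwt) {
  const s = jwt ? jwt.scope : undefined;
  if (Array.isArray(s)) return s.filter((t) => typeof t === "string");
  if (typeof s === "string") return s.split(" ").filter(Boolean);
  return []; // missing or malformed claim grants nothing
}
const strictPredicate = (jwt) => scopeTokens(jwt).includes("manager");

// Model of the example schema: `customer` has no predicate, `manager` has one.
// Assumption: a predicate that throws or returns non-true does not grant the role.
function rolesFor(jwt, managerPredicate) {
  const roles = ["customer"];
  let granted = false;
  try { granted = managerPredicate(jwt) === true; } catch (err) { /* not granted */ }
  if (granted) roles.push("manager");
  return roles;
}

// Constructed JWT payloads (treated as already signature-verified in this model).
const SAMPLES = {
  arrayScope: { iss: "https://example.com/", scope: ["manager"] },
  stringScope: { iss: "https://example.com/", scope: "customer manager" },
  lookalike: { iss: "https://example.com/", scope: "read:manager_reports" },
  noScope: { iss: "https://example.com/" },
};

// Returns, per sample, the roles each predicate style would grant.
function compare() {
  const out = {};
  for (const [name, jwt] of Object.entries(SAMPLES)) {
    out[name] = {
      page: rolesFor(jwt, pagePredicate).join(","),
      strict: rolesFor(jwt, strictPredicate).join(","),
    };
  }
  return out;
}

console.log(compare());
```

On the `lookalike` payload the transcribed predicate grants `manager` while the token-wise variant does not, which is the case to test when the IdP emits `scope` as a space-delimited string.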