AccessProvider.create()

Create an AccessProvider.

Signature

AccessProvider.create(data: {*: Any}): AccessProvider

Description

The AccessProvider.create() method creates an AccessProvider document with the provided data. The provider document controls access to the current database by a third-party identity provider (IdP), such as Auth0.

After an AccessProvider document is created and the IdP is configured, callers can authenticate using the IdP service, then access Fauna resources as configured by the document.

Parameters

Parameter   Type     Required   Description
data        Object              Object describing the access provider.

data fields

name (String, required)
    Unique external identity provider (IdP) name. Can't be events, sets, self, documents, or the underscore (_) character, and can't include the percent (%) character.

issuer (String)
    Unique IdP HTTPS URL used to grant access to Fauna; typically an account or application URL supplied by the IdP. Use an exact copy of the IdP issuer URL, including the trailing slash (/) if there is one.

jwks_uri (String)
    Valid HTTPS URI of the JSON Web Key Set (JWKS) containing the public keys used to verify the signature of JSON Web Tokens (JWTs) issued by the IdP.

roles (Null OR String OR Object OR Array)
    Roles used to evaluate the access granted to queries authenticated with a JWT. If roles is omitted, no privileges are defined and queries with JWTs from issuer can't be processed.

If a predicate is defined, the predicate must use long form syntax.

If roles is a single role string, it has the following format:

roles: "developers"

If roles is an array of role strings, it has the following format:

roles: [
  "developers",
  "managers"
]

If roles is a single role:predicate object, it has the following format:

roles: {
  role: "customers",
  predicate: "_ => true"
}

If roles is an array of role:predicate objects, it has the following format:

roles: [
  {
    role: "customers",
    predicate: "_ => true"
  },
  ...
]

The predicate function is passed an object representing the JWT payload, which contains the token's claims. How the claims are interpreted depends on the IdP. See https://jwt.io/introduction/ or your IdP documentation for more information.

If the predicate function returns true, the role's privileges are evaluated to grant or deny the access needed to execute the query.

data (Object)
    User-defined AccessProvider metadata to store supplemental information.

Return value

An object with metadata for the results of the create() call.

Type             Description
AccessProvider   New access provider. See the AccessProvider document definition.

Examples

AccessProvider.create({
  name: "anAccessProvider",
  issuer: "https://fauna.auth0.com",
  jwks_uri: "https://fauna.auth0.com/.well-known/jwks.json",
  roles: [
    "mgmtTeam",
    {
      role: "mgmtTeam",
      predicate: "_ => true"
    }
  ],
  data: {
    custom: "some data"
  }
})

{
  name: "anAccessProvider",
  coll: AccessProvider,
  ts: Time("2023-07-28T03:46:30.150Z"),
  audience: "https://db.fauna.com/db/ywtfhw4poyynr",
  data: {
    custom: "some data"
  },
  roles: [
    "mgmtTeam",
    {
      role: "mgmtTeam",
      predicate: "_ => true"
    }
  ],
  jwks_uri: "https://fauna.auth0.com/.well-known/jwks.json",
  issuer: "https://fauna.auth0.com"
}
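As an added illustration (not Fauna's own code or API), the following Python pre-flight check applies the field rules above to a candidate data object before it is passed to AccessProvider.create(): the reserved names and percent character for name, HTTPS for issuer and jwks_uri, the accepted shapes of roles, and an exact comparison of issuer against a token's iss claim, which is where a missing or extra trailing slash shows up. The function names, the RESERVED_NAMES set and the sample claims are assumptions constructed here; an empty result means no problems were found.

```python
from typing import Any, Optional
from urllib.parse import urlparse

# Names the page says an AccessProvider name can't be (set constructed from the text above).
RESERVED_NAMES = {"events", "sets", "self", "documents", "_"}

def validate_name(name: Any) -> list:
    if not isinstance(name, str) or not name:
        return ["name is required and must be a non-empty string"]
    errors = []
    if name in RESERVED_NAMES:
        errors.append(f"name {name!r} is reserved")
    if "%" in name:
        errors.append("name must not contain the percent (%) character")
    return errors

def validate_https_url(field: str, value: Any) -> list:
    # Both issuer and jwks_uri must be HTTPS URLs.
    parts = urlparse(value) if isinstance(value, str) else None
    if parts is None or parts.scheme != "https" or not parts.netloc:
        return [f"{field} must be an HTTPS URL, got {value!r}"]
    return []

def validate_roles(roles: Any) -> list:
    # Accepted shapes: a role string, a role:predicate object, or an array mixing both.
    # Null/omitted is flagged: no privileges are then defined for JWTs from issuer.
    def check(item: Any) -> list:
        if isinstance(item, str) and item:
            return []
        if (isinstance(item, dict) and isinstance(item.get("role"), str)
                and isinstance(item.get("predicate"), str) and item["predicate"].strip()):
            return []
        return [f"invalid roles entry: {item!r}"]

    if roles is None:
        return ["roles is omitted: no privileges are defined for this provider"]
    if isinstance(roles, list):
        return [err for item in roles for err in check(item)]
    return check(roles)

def validate_access_provider(data: dict, sample_claims: Optional[dict] = None) -> list:
    errors = validate_name(data.get("name"))
    errors += validate_https_url("issuer", data.get("issuer"))
    errors += validate_https_url("jwks_uri", data.get("jwks_uri"))
    errors += validate_roles(data.get("roles"))
    # issuer must match the IdP's iss claim exactly, trailing slash included.
    if sample_claims is not None and sample_claims.get("iss") != data.get("issuer"):
        errors.append(f"issuer {data.get('issuer')!r} != token iss {sample_claims.get('iss')!r}")
    return errors
```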
