by billllll 738 days ago
Am I missing something or is step 3 missing some steps to validate the JWT and define the current_user_id() function?

Taking a look at the docs here:

https://postgrest.org/en/v12/references/auth.html

https://postgrest.org/en/v12/explanations/db_authz.html

It doesn't seem like current_user_id() is a provided function, and the docs claim nothing else is done with the JWT except validating it. It looks like your claim already includes user_id, so you'd have to get it from the claim using:

    current_setting('request.jwt.claims', true)::json->>'user_id';

Not sure if I'm missing something.
2 comments
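
An added example, not part of the thread or the tutorial: one way to define the missing helper on top of the `request.jwt.claims` setting quoted above and use it in a row-level security policy so that a request without the claim sees no rows. The `bigint` claim type, the `public.todos` table and the `webuser` role value are assumptions for illustration.

```sql
-- Hypothetical reconstruction of current_user_id(); not the tutorial's code.
-- PostgREST verifies the JWT and exposes its claims as JSON text in the
-- request.jwt.claims setting; this function only reads that setting.
CREATE OR REPLACE FUNCTION public.current_user_id()
RETURNS bigint
LANGUAGE sql
STABLE
AS $$
  -- missing_ok = true returns NULL instead of raising when the setting is
  -- unset; nullif() also maps an empty setting or empty claim to NULL.
  SELECT nullif(
           nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'user_id',
           ''
         )::bigint;
$$;

-- Assumed example table, used only to show the policy.
CREATE TABLE public.todos (
  id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  owner_id bigint NOT NULL,
  title    text   NOT NULL
);

ALTER TABLE public.todos ENABLE ROW LEVEL SECURITY;
-- Apply the policy to the table owner as well.
ALTER TABLE public.todos FORCE ROW LEVEL SECURITY;

-- owner_id = NULL evaluates to NULL, which a policy treats as false,
-- so a request with no user_id claim can neither read nor write rows.
CREATE POLICY todos_owner ON public.todos
  USING      (owner_id = public.current_user_id())
  WITH CHECK (owner_id = public.current_user_id());

-- Local check without PostgREST: set the claims for one transaction only
-- (constructed sample claims), call the helper, then roll back.
BEGIN;
SELECT set_config('request.jwt.claims',
                  '{"role": "webuser", "user_id": 42}',
                  true);
SELECT public.current_user_id();
ROLLBACK;
```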

I really didn't understand what the tutorial is doing with JWT. BTW, PostgREST supports JWT for authentication, so there's nothing to do here unless this application is a sort of JWT issuer (but I really didn't get that sense at all).

Yes, the application issues its own JWT tokens - specifically in `public.create_jwt`.

Author here - you are absolutely correct. Damn, during the last proof-reading one function got lost. Will fix it ASAP.