jwt-secret, however I fail to complete the request due to not having {"role": "foo"} in the JWT payload. How do folks handle the scenario where you don't control the JWT creation process? I saw the section in the docs referring to Auth0, but it appears some identity providers don't offer the same ability to customize the payload. Is it just not possible to use PostgREST in this scenario?
http directive isn’t valid. Removing this, Nginx starts, but I cannot connect? Any ideas or - even better - a working nginx configuration file.
Well, the talk went well. There's a good amount of resistance among backend developers about having to write business logic in PL/pgSQL. The point that with Postgres features, you probably don't need as much custom business logic code as you think, needs to be communicated better.
Slides, code and discussions for my talk are available here: https://github.com/nileshtrivedi/sqljs
Hey @/all,
The company I work for is hiring Support Engineers. If you know PostgreSQL, PostgREST + Javascript then you might be an ideal fit and I'd encourage you to apply!
There are other job openings too in case you're interested. Thanks!
Initial situation:
I am running a PostgREST server in version 9.0.1. The OS is OpenSuse Leap 15. The user authentication is done to the PostgreSQL API (q.e. psql) via the PAM module and the SSSD service against the LDAP server.
As database I use a PostgreSQL in version 14.
For PostgREST the extension pgjwt is set up. This successfully signs a JWT to an existing DB role in the table "basic_auth.users" as described at https://postgrest.org/en/stable/auth.html#storing-users-and-passwords. The role was created manually and does not come from the LDAP system.
My question:
Using a mobile app, I want users to be issued a JWT to their existing LDAP account.
How can I use the authenticator role from PostgREST to authenticate a user against the LDAP system and sign them a JWT?
server:
  image: postgrest/postgrest
  restart: unless-stopped
  container_name: postgrest_server
  ports:
    - "0.0.0.0:3000:3000"
  environment:
    PGRST_DB_URI: postgres://authenticator:xxxxxxxxxxxxxxxxx@db:5432/quotes
    PGRST_DB_SCHEMAS: quotes
    PGRST_DB_ANON_ROLE: quotes_user # In production this role should not be the same as the one used for the connection
    PGRST_OPENAPI_SERVER_PROXY_URI: "http://127.0.0.1:3000/"
    PGRST_JWT_SECRET: 'xxxxxxxxxxxxxxxxx'
  depends_on:
    - db
pgtap. I am using Supabase, the extension is installed on the server (I can create extension pg_tap) but I have no idea how to actually install the test runner pg_prove and actually run the tests.
Hi all, I have a strange bug with this simple "logout" RPC function
create or replace function logout() returns void as $$
begin
  perform set_config('response.headers', '[{"Set-Cookie": "jwt=0; Path=/;expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly"}, ...blablabla...]', true);
end;
$$ language plpgsql IMMUTABLE; -- IMMUTABLE can be GET
GRANT EXECUTE ON FUNCTION logout TO "anon", "user", "admin";
But the set_config only occurs "sometimes", as you can see with the same curl command I get different headers response.
$ curl -v 'http://0.0.0.0/api/rpc/logout'
* Trying 0.0.0.0:80...
* Connected to 0.0.0.0 (127.0.0.1) port 80 (#0)
> GET /api/rpc/logout HTTP/1.1
> Host: 0.0.0.0
> User-Agent: curl/7.84.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.21.6
< Date: Tue, 02 Aug 2022 00:07:56 GMT
< Content-Type: application/json; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Content-Range: 0-0/*
< Set-Cookie: jwt=0; Path=/;expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly
< Set-Cookie: id=0; Path=/;expires=Thu, 01 Jan 1970 00:00:01 GMT;
< Set-Cookie: role=0; Path=/;expires=Thu, 01 Jan 1970 00:00:01 GMT;
<
* Connection #0 to host 0.0.0.0 left intact
""
and just 2 seconds later, no more Set-Cookie ...
$ curl -v 'http://0.0.0.0/api/rpc/logout'
* Trying 0.0.0.0:80...
* Connected to 0.0.0.0 (127.0.0.1) port 80 (#0)
> GET /api/rpc/logout HTTP/1.1
> Host: 0.0.0.0
> User-Agent: curl/7.84.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.21.6
< Date: Tue, 02 Aug 2022 00:07:58 GMT
< Content-Type: application/json; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Content-Range: 0-0/*
<
* Connection #0 to host 0.0.0.0 left intact
It feels like some kind of "caching" issue but I don't see how/why/what I did wrong