DOCS  vx.y

Tutorials

Get instant support on our discord server

Unauthenticated access

Use case

It is a common requirement to have requests which are accessible to all users without the need for any authentication (logging in). For example, to display a public feed of events.

You can configure Hasura GraphQL engine to allow access to unauthenticated users by defining a specific role which will be set for all unauthenticated requests.

Configuring unauthenticated access

You can use the env variable HASURA_GRAPHQL_UNAUTHORIZED_ROLE or --unauthorized-role flag to set a role for unauthenticated (non-logged in) users. See GraphQL engine server flags reference for more details on setting this flag/env var.

This role can then be used to define the permissions for unauthenticated users as described in Authorization / Access control. A guide on setting up unauthenticated user permissions can be found here.

How it works

Once you have configured authentication, by default Hasura GraphQL engine will reject any unauthenticated request it receives.

Based on your authentication setup, an unauthenticated request is any request:

• for which the webhook returns a 401 Unauthorized response in case of webhook authentication.
• which does not contain a JWT token in case of JWT authentication.

Once an unauthenticated role is configured, unaunthenticated requests will not be rejected and instead the request will be made with the configured role.

« previous | next »

Was this page helpful?

Submit

Thank you for your feedback!

Want to contribute or report missing content?

edit this page on github | contributing guidelines | report an issue

Hasura GraphQL engine is open source. See license

Powered by Sphinx. | Copyright © 2020 Hasura.