Elevated Permissions
Blog post from Nhost
Elevated Permissions is a new feature in Nhost Auth that protects certain data or user workflows by requiring an additional validation step with a Security Key. When a user successfully completes this extra security challenge, the claim x-hasura-auth-elevated: $user-id is added to their access token and remains valid for the token's duration. The claim can be used as a Permission Variable in the GraphQL API, in the same way as x-hasura-user-id, to define access to data and actions that need the extra security check. The Auth API can also enforce the check on its own endpoints for changing passwords, altering emails, managing MFA, adding security keys, and creating personal access tokens (PATs); this is done by configuring the mode to 'required' for elevated privileges. Further details and examples can be found in the documentation.
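A backend that receives the access token can apply the same rule before running a sensitive action. The following is an added example, not code from Nhost: it assumes an HS256-signed token that carries its claims under Hasura's default https://hasura.io/jwt/claims namespace, and the secret, user id and function names are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Hasura's default JWT claims namespace (assumed for this example).
const NS = "https://hasura.io/jwt/claims";
const b64url = (s) => Buffer.from(s).toString("base64url");
const mac = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest();

// Hypothetical helper: mints a constructed HS256 token so the example runs offline.
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(mac(`${head}.${body}`, secret))}`;
}

// True only if the token is authentic, unexpired, and its
// x-hasura-auth-elevated claim names the same user as x-hasura-user-id.
function hasElevated(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return false;
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return false;
  }
  if (!header || !payload) return false;
  if (header.alg !== "HS256") return false; // pin the algorithm, reject "none"
  const expected = mac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  if (typeof payload.exp !== "number" || payload.exp <= nowSec) return false;
  const claims = payload[NS] || {};
  const userId = claims["x-hasura-user-id"];
  return typeof userId === "string" && userId.length > 0 &&
    claims["x-hasura-auth-elevated"] === userId;
}

// Constructed sample values, not real credentials.
const DEMO_SECRET = "constructed-demo-secret";
const DEMO_USER = "11111111-2222-3333-4444-555555555555";
const NOW = 1700000000;
const demo = signToken({ exp: NOW + 900, [NS]: {
  "x-hasura-user-id": DEMO_USER, "x-hasura-auth-elevated": DEMO_USER } }, DEMO_SECRET);
console.log(hasElevated(demo, DEMO_SECRET, NOW));
```

Because the claim lives only as long as the access token, a token issued after a refresh without a new Security Key challenge fails this check.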