Home / Companies / Nhost / Blog / Post Details
Content Deep Dive

Understanding JWT tokens with Hasura

Blog post from Nhost

Post Details
Company
Date Published
Author
Johan Eliasson
Word Count
641
Company Posts That Month
3
Language
English
Hacker News Points
-
Post removed?
No
Summary

A JWT (JSON Web Token) is a string that carries user information such as user ID and roles, which is used to authorize GraphQL requests to Hasura. This token is sent in the Authorization header, prefixed with "Bearer," ensuring that Hasura can identify the user and enforce data access permissions. JWT tokens are created by an authentication server, which verifies user credentials and signs the token with a secret key shared with Hasura, ensuring the token's integrity. Key session variables like x-hasura-user-id, x-hasura-allowed-roles, and x-hasura-default-role are integral to JWT tokens for resolving user permissions. Tokens have an expiration time and are stored temporarily in the client's browser memory; they can be refreshed using a refresh token, which is linked to a user in the database and facilitates obtaining a new JWT token without re-authenticating. Hasura Backend Plus is a compatible authentication server for generating these tokens, and the nhost-js-sdk is used for automatic management of token storage and refresh processes.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.