So… just for future users who want to do what I just did and use auth0 or something similar. Here’s the final solution (and works great).
First… follow the Auth0 docs for turning on RBAC and adding RBAC roles to the JWT Custom claims.
Second… follow the Dgraph docs for using Auth0 w/ Dgraph.
Third: Create a rule to generate anything you want to query on in your Dgraph rules. Here’s what I ended up with.
```javascript
function (user, context, callback) {
  const namespace = "https://dgraph.io/jwt/claims";
  // Default to [] so a user with no RBAC roles assigned does not make the rule throw
  const assignedRoles = (context.authorization || {}).roles || [];
  context.idToken[namespace] =
  {
    'USER': user.email,
    'isAuthenticated': 'true', // This is the rule I created to differentiate between public and private data
  };
  assignedRoles.forEach((role) => {
    context.idToken[namespace][role] = 'true'; // This loops through the array of roles, adds them to the object and sets them to true.
  });
  return callback(null, user, context);
}
```
Last… in my schema, I’ve set the rules to look like this:
```graphql
type Blog @auth(
  add: { rule: "{$ContentCreator: { eq: \"true\" } }" },
  update: { rule: "{$ContentCreator: { eq: \"true\" } }" },
  delete: { or: [
    { rule: "{$ContentCreator: { eq: \"true\" } }" },
    { rule: "{$Admin: { eq: \"true\" } }" },
  ]},
  query: { or: [
    { rule: "{$isAuthenticated: { eq: \"true\" } }" },
    { rule: """query {
      queryBlog(filter: {isPublic: true}) {
        id
      }
    }
    """}
  ]}
)
```
Hopefully that’ll help future people who may need to do something similar.
-Tom
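As an added example (not part of Tom's post or of Auth0/Dgraph code), the script below runs the same rule logic against constructed user/context objects and mirrors the Blog type's @auth block as plain predicates over the resulting claims, so the role-to-claim mapping and the "no roles assigned" edge case can be checked offline before deploying. The `blogAuth` predicates are a local approximation of how Dgraph evaluates those rules, not Dgraph's evaluator, and the e-mail addresses are made up.

```javascript
// Added example: exercise the Auth0 rule from the post and the schema's @auth
// rules with constructed inputs. Nothing here talks to Auth0 or Dgraph.
const NAMESPACE = "https://dgraph.io/jwt/claims";

// Same logic as the posted rule; `roles` defaults to [] so a user with no
// RBAC roles assigned yields a token instead of a thrown TypeError.
function applyRule(user, context) {
  const assignedRoles = (context.authorization || {}).roles || [];
  const claims = { USER: user.email, isAuthenticated: 'true' };
  assignedRoles.forEach((role) => { claims[role] = 'true'; });
  context.idToken[NAMESPACE] = claims;
  return claims;
}

// The @auth rules use eq: "true", so a claim only counts when it is exactly
// the string 'true'; an absent role is undefined and therefore denied.
const has = (claims, name) => claims[name] === 'true';

// Mirror of the Blog @auth block: add/update need ContentCreator, delete
// needs ContentCreator or Admin, query needs isAuthenticated or a public
// blog. `claims` is {} for a request that carries no JWT at all.
const blogAuth = {
  add: (claims) => has(claims, 'ContentCreator'),
  update: (claims) => has(claims, 'ContentCreator'),
  delete: (claims) => has(claims, 'ContentCreator') || has(claims, 'Admin'),
  query: (claims, blog) => has(claims, 'isAuthenticated') || blog.isPublic === true,
};

// Constructed principals (not real accounts).
const creator = applyRule({ email: 'writer@example.com' },
  { authorization: { roles: ['ContentCreator'] }, idToken: {} });
const admin = applyRule({ email: 'admin@example.com' },
  { authorization: { roles: ['Admin'] }, idToken: {} });
const noRoles = applyRule({ email: 'reader@example.com' }, { idToken: {} });
const anonymous = {};

console.log('creator can add:', blogAuth.add(creator));          // true
console.log('admin can add:', blogAuth.add(admin));              // false
console.log('admin can delete:', blogAuth.delete(admin));        // true
console.log('anon sees private:', blogAuth.query(anonymous, { isPublic: false })); // false
```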