c7e577b513da0f007ccceb701dfd7794f365e1ea
### **User description**
🎉🎉🎉🎉🎉🎉🎉 Node.js is no more from the service. Tests have also been migrated to bun as it was a drop-in replacement and speeds things up.

___

### **PR Type**
Enhancement

___

### **Description**
- Add three new authentication endpoints to Go API
- Implement user signout with single/all session options
- Add JWT token verification endpoint functionality
- Include user information retrieval endpoint

___

### **Changes walkthrough** 📝
<table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><details><summary>11 files</summary><table> <tr> <td><strong>server.gen.go</strong><dd><code>Add generated server code for new endpoints</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-ebca0209f464067ebb38f8fad9dd352058e15702563f575d649434a1e7722b3d">+307/-94</a></td> </tr> <tr> <td><strong>types.gen.go</strong><dd><code>Add request/response types for new endpoints</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-086764bd76c1416b0d0ddedcc804c3e6983907886215f9bb51162df91e823254">+27/-4</a> </td> </tr> <tr> <td><strong>controller.go</strong><dd><code>Add DeleteRefreshToken method to DBClient interface</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-68eba6c5b3be94c2016a5c821351ad07c60e395226594ff744901f759e22af15">+1/-0</a> </td> </tr> <tr> <td><strong>errors.go</strong><dd><code>Add error handling for new endpoints</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-d2ebd3582b320c6db8161b6f3f90931cee507a68d9667ca1f6c88e8108ede569">+13/-0</a> </td> </tr> <tr> <td><strong>get_user.go</strong><dd><code>Implement GET /user endpoint handler</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-ff88db799ee5509cf87961dfbe457becac8368c0219dc3048a7962113b5a23e2">+78/-0</a> </td> </tr> <tr> 
<td><strong>post_signout.go</strong><dd><code>Implement POST /signout endpoint handler</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-682119325058fb9866c24830d910fc19e734c1f3bde7d61a4f671cc17b93ff96">+38/-0</a> </td> </tr> <tr> <td><strong>post_token_verify.go</strong><dd><code>Implement POST /token/verify endpoint handler</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-fc96c64f7ae67cf4ad34de7e9bc5cb19129e71dd6274c58e5749750df620e0e8">+27/-0</a> </td> </tr> <tr> <td><strong>workflows.go</strong><dd><code>Add JWT verification and token deletion workflows</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-6aaacc47584f1edde5a01051611a7baffc583fc32b48df6d7fee39afa16a65cb">+71/-5</a> </td> </tr> <tr> <td><strong>query.sql.go</strong><dd><code>Add generated DeleteRefreshToken database method</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-442fde6e20ac506fb6bc13c00a7374ee9c33b183ffda72db4e49e1b013cd4cde">+10/-0</a> </td> </tr> <tr> <td><strong>openapi.yaml</strong><dd><code>Add OpenAPI specs for new endpoints</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-9fe8f7da727ff26c02939aa060e0348d870e6dd95ba433f9f4d53a9a6967aca0">+87/-0</a> </td> </tr> <tr> <td><strong>query.sql</strong><dd><code>Add DeleteRefreshToken SQL query</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-c19dd96472c44a7389d4d1f72e0a1879df1e06e8e4d333ca3cb6b6dfbe3083ef">+4/-0</a> </td> </tr> </table></details></td></tr><tr><td><strong>Tests</strong></td><td><details><summary>17 files</summary><table> <tr> <td><strong>get_user_test.go</strong><dd><code>Add comprehensive tests for user endpoint</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-a384a0b80b29014dd574d56c5e5eda6f41470acdfbe8dabbe3af3b9159e0e735">+154/-0</a> </td> </tr> <tr> 
<td><strong>controller.go</strong><dd><code>Add mock for DeleteRefreshToken method</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-f1b1f168b0924b023c571d6274d53defef472a872f5fee4de1c4ae78959cc327">+14/-0</a> </td> </tr> <tr> <td><strong>post_elevate_webauthn_verify_test.go</strong><dd><code>Update test response with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-07856a39c8a5430d741bcf08861eb85bdd09b2785ce4296eaf3d2697bbc53855">+1/-0</a> </td> </tr> <tr> <td><strong>post_signin_anonymous_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-c25dbd9375a284855b2297546ad1f6e2550bfaa189af9aea805d8a20c21fddea">+3/-0</a> </td> </tr> <tr> <td><strong>post_signin_email_password_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-20169cf1b0f6c102c29b882d28234333096dd5fc226ad1a92119e00206e4c26e">+3/-0</a> </td> </tr> <tr> <td><strong>post_signin_idtoken_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-d849cc9b72340eb39d633b2446f3223cb202e09cabdef07b5ce512f15fc129f2">+4/-0</a> </td> </tr> <tr> <td><strong>post_signin_mfa_totp_test.go</strong><dd><code>Update test response with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-2f07c5c0613472bcfad7967a8116602ffa8f33856de94380d50ccdbd95bec206">+1/-0</a> </td> </tr> <tr> <td><strong>post_signin_otp_email_verify_test.go</strong><dd><code>Update test response with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-df88ef70165a67033c322cc91cd5d0c28d7459f69c709ac9074fb8222e518a7f">+1/-0</a> </td> 
</tr> <tr> <td><strong>post_signin_passwordless_sms_otp_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-852ae47a5ab7ad9241dc132565e8935025c90bf54f776eefd92a35462d1ad94f">+2/-0</a> </td> </tr> <tr> <td><strong>post_signin_pat_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-020127c3b0d584aa14d94f93ce33be359ce58e7fb9b893211d4edaaceedac9e9">+3/-1</a> </td> </tr> <tr> <td><strong>post_signin_webauthn_verify_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-1c449231790f6e56e26d47fecb200b1f2b3585ea9f80ad19ab8f905b01094a46">+2/-0</a> </td> </tr> <tr> <td><strong>post_signout_test.go</strong><dd><code>Add comprehensive tests for signout endpoint</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-d00ef8fa496c728003f75a5ea96da5ee58427883d433b923cc8550ad83788852">+240/-0</a> </td> </tr> <tr> <td><strong>post_signup_email_password_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-c7050138b811ec2f854c0dfa34ac1eb9f03831c1f682e6a677dfe16943cb5f84">+5/-0</a> </td> </tr> <tr> <td><strong>post_signup_webauthn_verify_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-c93cb267e3fcbec34fe2f8c5dbc204bb6d2cbc9fff58597ad761da5a8e661c3c">+2/-0</a> </td> </tr> <tr> <td><strong>post_token_test.go</strong><dd><code>Update test responses with ActiveMfaType field</code> </dd></td> <td><a 
href="https://github.com/nhost/hasura-auth/pull/653/files#diff-dfb4a72aeccf26b3cfb4f1a91a0d2807896febd4b602cfca4b751636befde18a">+2/-0</a> </td> </tr> <tr> <td><strong>post_token_verify_test.go</strong><dd><code>Add tests for token verification endpoint</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-62e46f99186e19026de69c5fc76018a1da786d42ec53789c62fb6f322b6efe30">+76/-0</a> </td> </tr> <tr> <td><strong>user.test.ts</strong><dd><code>Update test expectation for unauthenticated user</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-81735490d16bd713d0cb1e56f6142829870fbc951a8fa53e70304f2dd6ad8567">+1/-1</a> </td> </tr> </table></details></td></tr><tr><td><strong>Documentation</strong></td><td><details><summary>1 files</summary><table> <tr> <td><strong>CLAUDE.md</strong><dd><code>Add comprehensive Go migration documentation</code> </dd></td> <td><a href="https://github.com/nhost/hasura-auth/pull/653/files#diff-6ebdb617a8104a7756d0cf36578ab01103dc9f07e4dc6feb751296b9c402faf7">+415/-0</a> </td> </tr> </table></details></td></tr></tr></tbody></table>
Hasura Auth
Authentication for Hasura
Core Features
- 🧑‍🤝‍🧑 Users are stored in Postgres and accessed via GraphQL
- 🔑 Multiple sign-in methods.
- ✨ Integrates with GraphQL and Hasura Permissions
- 🔐 JWT tokens and Refresh Tokens.
- ✉️ Emails sent on various operations
- ✅ Optional checking for Pwned Passwords.
Sign in methods
- Email and Password - simple email and password method.
- Email - also called passwordless email or magic link.
- SMS - also called passwordless SMS.
- Anonymous - sign in users without any method. Anonymous users can be converted to regular users.
- OAuth providers: Facebook, Google, GitHub, Twitter, Apple, Azure AD, LinkedIn, Windows Live, Spotify, Strava, GitLab, BitBucket, Discord, WorkOS.
- Security keys with WebAuthn
Deploy Hasura Auth in Seconds
Use Nhost to start using Hasura Auth in seconds.
Using Docker-compose
```bash
git clone https://github.com/nhost/hasura-auth.git
cd hasura-auth
cp .env.example .env
docker-compose -f docker-compose-example.yaml up
```
Configuration
Read our configuration guide to customise the Hasura Auth settings.
Workflows
- Email and password
- OAuth social providers
- Passwordless with emails (magic links)
- Passwordless with SMS
- Anonymous users
- Change email
- Change password
- Reset password
- Refresh tokens
- Security keys with WebAuthn
JWT Signing
The JWT tokens can be signed with either a symmetric key based on HMAC-SHA or with asymmetric keys based on RSA. To configure the JWT signing method, set the environment variable `HASURA_GRAPHQL_JWT_SECRET`, which should follow the same format as Hasura with a few considerations:
- Only `HS` and `RS` algorithms are supported.
- If using an `RS` algorithm, the public key should be in PEM format.
- If using an `RS` algorithm, the private key should be in PKCS#8 format inside an extra field `signing_key`.
- If using an `RS` algorithm, an additional field `kid` can be added to specify the key id in the JWK Set.
When using asymmetric keys, you can get the JWK Set from the endpoint `.well-known/jwks.json`.
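A pre-deployment check of a `HASURA_GRAPHQL_JWT_SECRET` value against the considerations above, as an added example that is not Hasura Auth's own code. The names `secret`, `CheckJWTSecret` and `sampleRS` are hypothetical, the `type` and `key` fields are assumed from Hasura's JWT secret format, and the sample secrets are constructed at run time from a throwaway RSA key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"strings"
)
type secret struct { // "type"/"key" as in Hasura; "signing_key"/"kid" per the README
	Type       string `json:"type"`
	Key        string `json:"key"`
	SigningKey string `json:"signing_key,omitempty"`
	Kid        string `json:"kid,omitempty"`
}

// CheckJWTSecret applies the README's considerations to a raw secret value.
func CheckJWTSecret(raw string) error {
	var s secret
	if err := json.Unmarshal([]byte(raw), &s); err != nil {
		return fmt.Errorf("not valid JSON: %w", err)
	}
	switch {
	case strings.HasPrefix(s.Type, "HS"):
		return nil // symmetric: "key" is the shared HMAC secret
	case !strings.HasPrefix(s.Type, "RS"):
		return fmt.Errorf("type %q: only HS and RS algorithms are supported", s.Type)
	}
	pub, _ := pem.Decode([]byte(s.Key))
	priv, _ := pem.Decode([]byte(s.SigningKey))
	if pub == nil || priv == nil {
		return fmt.Errorf("RS: key and signing_key must both be PEM")
	}
	_, err := x509.ParsePKCS8PrivateKey(priv.Bytes) // fails on PKCS#1 DER
	return err
}
func sampleRS(pkcs8 bool) string { // constructed input; pkcs8=false yields PKCS#1
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	pub, _ := x509.MarshalPKIXPublicKey(&k.PublicKey)
	der, typ := x509.MarshalPKCS1PrivateKey(k), "RSA PRIVATE KEY"
	if p8, _ := x509.MarshalPKCS8PrivateKey(k); pkcs8 {
		der, typ = p8, "PRIVATE KEY"
	}
	enc := func(t string, b []byte) string { return string(pem.EncodeToMemory(&pem.Block{Type: t, Bytes: b})) }
	out, _ := json.Marshal(secret{"RS256", enc("PUBLIC KEY", pub), enc(typ, der), "constructed-key-1"})
	return string(out)
}
func main() { fmt.Println(CheckJWTSecret(sampleRS(true)), "|", CheckJWTSecret(sampleRS(false))) }
```

A private key exported as `-----BEGIN RSA PRIVATE KEY-----` (PKCS#1) is the case the second sample reproduces; it has to be converted to PKCS#8 before it is placed in `signing_key`.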
Recipes
- Extending Hasura's permissions with Custom JWT claims
- Extending the user schema
Reference
- List of the available environment variables.
- The service comes with an OpenAPI definition which you can also see online.
- Database Schema
🤝 Contributing
Contributions and issues are welcome. Please have a look at the developer's guide if you want to prepare a pull request.
Feel free to check the issues page.
Show your support
Give a ⭐️ if this project helped you!
📝 License
This project is MIT licensed.
Description
The Open Source Firebase Alternative with GraphQL.