cuddly-australia-64189
02/17/2022, 1:40 PMusers
table in the db which is used for permissions, and the JWT that Hasura reads needs to include the id of the user (in some custom claims). The id_token
mutator in Kratos only has access to the identity
table's id created by Kratos, so I need to somehow add the corresponding user's id to be able to add it to the JWT claims.
I was considering putting the user id in the traits, but it's kind of sensitive and - more importantly - it cannot be allowed to be changed by the user.
I see three options:
1. add the user id to the identity somehow (traits don't seem to be an option)
2. load the user id when logging in and add it to the session data that the mutator has access to, this could be a hook, but I don't know if the result of the login.after
hook is accessible somehow?
3. read the user id from hasura in the mutator (this seems the less optimal option as that would make a request to hasura on every mutator execution)
Any advice is greatly appreciated, thank you!
(the solution to this might be through Oathkeeper, which would be fine)magnificent-energy-493
alert-twilight-54673
02/17/2022, 2:03 PMalert-twilight-54673
02/17/2022, 2:04 PMcuddly-australia-64189
02/17/2022, 5:19 PMlogin.after
hook be used by the mutator somehow? It seems a bit tricky because the hook is a Kratos thing and the mutator is on Oathkeeper side.