I was looking at Hasura's permission system from the other way around before I read your great post: leveraging "default role", "allowed roles" and "current" (per request) role. I'd have managed composite roles in e.g. Keycloak and used a custom auth hook to build the custom token for Hasura, but then I would need to alter the "current" role for each request. This would force me to use http(s) instead of ws(s) until this one is closed:
This would also look odd on Hasura Console which lists ALL roles for ALL tables and would make managing permissions a lot messier.
Your solution looks more maintainable. Your post being almost 1 year old, do you have any advice for newcomers going down this road?
Thanks for the great article.