Integrate Grafbase with Clerk
The first step is to create a new Clerk application from your Clerk Dashboard if you haven’t done so already. You can choose whichever authentication strategy and social sign-in providers you prefer. For more information, see the setup guide.
After your Clerk application has been created, go to the Clerk Dashboard and navigate to the JWT templates page. Click on the New template button to create a new template based on Grafbase.
Once the Grafbase template is created, you will be redirected to the template's page. You can now configure the template to your needs.
The Grafbase template will pre-populate the default claims required by Grafbase. You can include additional claims as necessary. Shortcodes are available to make adding dynamic user values easy.
Configure Grafbase
The next step is to configure Grafbase with the issuer domain provided by Clerk. From your Clerk JWT template screen, find the Issuer input and click to Copy the URL.
Signed in user authentication
If you want to enable access to your Grafbase data for any signed-in user, then you’ll want to configure your schema with the allow: private
rule:
Make sure to set the environment variable ISSUER_URL
(using the Grafbase CLI, or Clerk Dashboard) to be your Frontend API value. This value can be found in the Clerk Dashboard on the API Keys page.
Group-based authentication
If you’re working with group-based user access then you can use allow: groups
, and provide an array of groups to your schema @auth
rules:
Make sure to replace YOUR_FRONTEND_API
with the Frontend API value. This value can be found in the Clerk Dashboard on the API Keys page.
If needed, you can also use a shortcode to dynamically include the users current organization's role. Shortcodes can be found and updated on your JWT templates for Grafbase in the Clerk Dashboard.
Authenticating requests
You must send OIDC (JWT) tokens using an Authorization: Bearer TOKEN
header. Your token must include the group if using group-based authentication.
The useAuth()
hook os the easiest way to generate JWTs. Use await getToken({ template: "..." })
and specify your grafbase template to retrieve a new JWT.
Feedback
Last updated on