ghoshnirmalya / nextjs-hasura-boilerplate Goto Github PK

Trying access https://nextjs-hasura-boilerplate.vercel.app/ result page

Exposing sensitive values to the browser is not a good idea.
I believe database value is only used on API routes. In that case, those are purely backend serverless functions. We don't need to provide a NEXT_PUBLIC_ prefix if it is just used directly from the backend.

You can check more details here.
https://nextjs.org/docs/basic-features/environment-variables

Hi there,
Great boilerplate, thank you!
I'm trying to update Hasura to the latest version hasura/graphql-engine:v2.0.0-alpha.6 however when I set image in docker-compose.yml and FROM in DOCKERFILE accordingly, the server still reports it is on v1.3.3.
I must be missing something simple here?
Thanks.

I noticed when initializing the app, the session within _app.js and subsequently apollo are not reflected with the users's creds.

It appears as the session goes through the callbacks of next-auth but is never reflected in the UI until a subsequent refresh.

I noticed by being unable to click the logout button within the nav right after signing in. I haven't dove into the issue as its late here but I'll see what I can find tomorrow and update with reproducible code need be.

Hey @ghoshnirmalya!

Such a nice project and would love to contribute.

I'm trying to use Hasura Cloud instead of the dockerized backend. Do you know how to do it?

Maybe I missed something but I can't find anything on Hasura's side for authentication. I thought there would be a json string in docker-compose.yaml for the jwt auth setup but I couldn't find that in the repo

Hi, Thank you for great project.

I was wondering how to set up user roles in this project.
Now it seems that the roles are hardcoded in JWT claims.

"https://hasura.io/jwt/claims": {
"x-hasura-allowed-roles": ["admin", "user"],
"x-hasura-default-role": "user",
"x-hasura-role": "user",
"x-hasura-user-id": token.id,
}

How do you handle refresh token with custom jwt token? I have been looking for ways to implement refresh token with next-auth but haven't found anything useful yet. Do you have any suggestion on how to handle refresh tokens once the original token expires?

I am hoping it could be implemented in the jwt/session callback in next-auth as these are called every time the user accesses a session. But how do I send my original refresh token to the client which would last longer than the access token and then once the access token expires I could just verify the refresh token and generate new tokens?

Any kind of help would be great.

1. Go here https://nextjs-hasura-boilerplate.vercel.app/
2. Click login button
3. Click Google account you want to sign in as
4. Get redirected to this: