I have recently added the --auth flag to make my instance of SurrealDB production ready as suggested in the documentation.
Upon doing so, my users can no longer view their data as this error is returned when authenticating with JWT tokens: {"code":403,"details":"Forbidden","description":"Not allowed to do this.","information":"There was a problem with the database: IAM error: Not enough permissions to perform this action"}
Removing the --auth flag allows this authentication, but this goes against the production ready recommendation.
SAMPLE JWT TOKEN CONTENT
{"ns": "Test","db": "Test","sc": "account","tk": "user_tkn","id": "users:test_user","iat": 1703421361,"exp": 1703424961}
SAMPLE REQUEST
curl -X POST "https://database.com/sql" \
  -H "Content-Type: text/plain" \
  -H "Accept: application/json" \
  -H "Token: <HS256 TOKEN HERE>" \
  -H "NS: Test" \
  -H "DB: Test" \
  -H "SC: account" \
  -d "SELECT * FROM users:⟨+44XXXXXXXXXX⟩"
For testing purposes, I have given PERMISSIONS FULL to the users table.
INFO FOR SCOPE
{"tokens": {"user_tkn": "DEFINE TOKEN user_tkn ON SCOPE account TYPE HS256 VALUE 'example123456'" }}
Additional Info
Start Command: surreal start --auth --deny-guests --no-banner
Protocol: HTTPS
SurrealDB Version: 1.0.2 for linux on x86_64
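
A local consistency check for the token described in this post, added here as an example (not code from the original post or from SurrealDB): it verifies the HS256 signature against the scope token secret, compares the ns/db/sc/tk claims with the request headers and the defined token name, and checks exp. The function names are hypothetical, the sample token is constructed from the values shown in the post, and treating a claim/header difference as a problem is an assumption.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict, secret: str) -> str:
    """Build a compact HS256 JWT; used only to construct the sample below."""
    parts = [b64url(json.dumps(x).encode()) for x in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(hs256(signing_input, secret))

def diagnose(token, secret, headers, token_name, now):
    """Return a list of inconsistencies; an empty list means none were found."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        head = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return ["token is not a well-formed compact JWT"]
    if not isinstance(head, dict) or not isinstance(claims, dict):
        return ["token is not a well-formed compact JWT"]
    problems = []
    if head.get("alg") != "HS256":
        problems.append("alg is not HS256")
    if not hmac.compare_digest(sig, hs256(f"{head_b64}.{body_b64}", secret)):
        problems.append("signature does not verify with the token secret")
    # Assumption: the NS/DB/SC request headers should agree with the claims.
    for claim, header in (("ns", "NS"), ("db", "DB"), ("sc", "SC")):
        if claims.get(claim) != headers.get(header):
            problems.append(f"claim {claim} differs from header {header}")
    if claims.get("tk") != token_name:
        problems.append("claim tk differs from the defined token name")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        problems.append("token is expired or has no exp")
    return problems

# Constructed sample built from the values shown in the post.
CLAIMS = {"ns": "Test", "db": "Test", "sc": "account", "tk": "user_tkn", "id": "users:test_user", "iat": 1703421361, "exp": 1703424961}
HEADERS = {"NS": "Test", "DB": "Test", "SC": "account"}
SAMPLE = sign(CLAIMS, "example123456")

if __name__ == "__main__":
    print(diagnose(SAMPLE, "example123456", HEADERS, "user_tkn", now=1703421400))
```

Passing the current Unix time as `now` shows whether a one-hour token like the sample has already expired at the moment of the request.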