add: config jwt-schema-claim-key for schema selection in JWT #4779
Draft
taimoorzaeem wants to merge 2 commits into PostgREST:main from
Member
Author
Maybe we should also link the
It follows the same JSPath grammar as `jwt-role-claim-key`. If the schema is specified in JWT claims, it overrides the `Accept-Profile` and `Content-Profile` headers.
Signed-off-by: Taimoor Zaeem <taimoorzaeem@gmail.com>
| JWT Schema Extraction | ||
| ~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Schema can be specified in JWT claims. It is configured by :ref:`jwt-schema-claim-key`. This feature can be used for JWT-driven schema-based multitenancy. It allows fully hidden schema selection without exposing the schema in :ref:`profile headers <profile_headers>`. The schema specified in JWT takes precedence over profile headers. |
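Review bot: The paragraph states that the JWT schema "takes precedence over profile headers" but does not say what a request gets when the token has no claim at the configured key, or when the claim names a schema that is not exposed. Please add a sentence for each case, stating whether the request falls back to the profile headers and which error is returned, so the precedence rule is complete for readers planning schema-based multitenancy.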
Member
A bit shorter
Suggested change
| Schema can be specified in JWT claims. It is configured by :ref:`jwt-schema-claim-key`. This feature can be used for JWT-driven schema-based multitenancy. It allows fully hidden schema selection without exposing the schema in :ref:`profile headers <profile_headers>`. The schema specified in JWT takes precedence over profile headers. | |
| The schema can be extracted from the JWT claims using the :ref:`jwt-schema-claim-key`. This feature can be used for schema-based multitenancy. It allows hidden schema selection without exposing the schema in :ref:`profile headers <profile_headers>`. The schema specified in JWT takes precedence over profile headers. |
Member
@taimoorzaeem Sorry, I rushed into committing this suggestion. You can squash it.
Member
Author
No worries, that's cool.
steve-chavez approved these changes Apr 16, 2026
|
|
||
| =============== ================================= | ||
| **Type** String | ||
| **Default** .schema |
Member
Oh, this one almost slips by. It should be empty by default, consider:
- User upgrades to next major
- Some of their JWTs somehow contained a `schema` key (unrelated to the database schema)
- Now they'll run into some requests failing saying "schema X does not exist" and be confused about it.
So users should be conscious and careful about this key name. Maybe we even suggest an example JWT containing a db_schema key. (just schema can mean lots of different things)
Member
Author
Ah right, good catch. 👍
It follows the same JSPath grammar as `jwt-role-claim-key`. If the schema is specified in JWT claims, it overrides the `Accept-Profile` and `Content-Profile` headers.

Closes #4608.
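
The precedence rule and the default-key concern discussed in this thread, as an added Python model that is not PostgREST's code. The path walker covers only a simplified subset of the claim-key grammar, and the function names, error text, sample tokens and the fallback to the first exposed schema are assumptions of the example.

```python
import re

# One path step: .key, ."quoted key" or [index] (a simplified subset, assumed for this example).
STEP = re.compile(r'\.(\w+)|\."([^"]+)"|\[(\d+)\]')

class SchemaError(Exception):
    """Raised when the selected schema cannot be used (error text is this example's own)."""

def walk(claims, path):
    """Follow `path` through the decoded claims; return None if any step is missing."""
    node, pos = claims, 0
    while pos < len(path):
        m = STEP.match(path, pos)
        if m is None:
            raise ValueError(f"unsupported claim path: {path!r}")
        key, quoted, index = m.groups()
        if index is not None:
            if not isinstance(node, list) or int(index) >= len(node):
                return None
            node = node[int(index)]
        else:
            name = key if key is not None else quoted
            if not isinstance(node, dict) or name not in node:
                return None
            node = node[name]
        pos = m.end()
    return node

def resolve_schema(claims, claim_key, profile_header, exposed):
    """Pick the schema for a request. An empty claim_key disables JWT selection."""
    from_jwt = walk(claims, claim_key) if claim_key else None
    if from_jwt is not None and not isinstance(from_jwt, str):
        raise SchemaError(f"claim at {claim_key} is not a string")
    # Precedence from the PR text: JWT claim, then profile header; falling back to
    # the first exposed schema is an assumption of this model.
    chosen = from_jwt or profile_header or exposed[0]
    if chosen not in exposed:
        raise SchemaError(f"schema {chosen} is not exposed")
    return chosen

# Constructed sample data: a token with an unrelated "schema" claim, and a tenant token.
EXPOSED = ["api", "tenant_a", "tenant_b"]
LEGACY = {"role": "web_user", "schema": "v2-profile"}
TENANT = {"role": "web_user", "app_metadata": {"db_schema": "tenant_b"}}

if __name__ == "__main__":
    print(resolve_schema(LEGACY, "", "tenant_a", EXPOSED))
    print(resolve_schema(TENANT, ".app_metadata.db_schema", "tenant_a", EXPOSED))
```

With the key set to `.schema`, `resolve_schema(LEGACY, ".schema", "tenant_a", EXPOSED)` raises `SchemaError` although the client asked for `tenant_a`, which is the upgrade failure described in the review; with an empty key the same token is served from `tenant_a`.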