# help

Farzad Soltani

09/19/2023, 11:29 AM
I'm trying to implement my JWT decode functionality in Cerbos using auxiliary data. I've added the following block to my JSON object when using the `checkResources` method:
```
auxData: {
	jwt: {
		token,
		keySetId: 'default',
	},
},
```
The token comes from `request.headers` in my Express app. Since I'm doing all the decoding business in Cerbos, I was wondering how I was supposed to pass the user's id as the principal's id without decoding the token:
```
const {results} = await cerbos.checkResources({
	principal: {
		id: String(user.id),
		roles: user.roles,
	},
...
```

Charith (Cerbos)

09/19/2023, 11:38 AM
There's currently no way to map JWT claims to request fields. If your user ID is in the JWT and you need to have that ID showing up on audit logs, you have to decode it in your app. If not, you can use a placeholder value as the principal ID and make sure to write all your Cerbos policy rules to get the ID from `auxData.jwt` instead of `principal.id`.

Farzad Soltani

09/19/2023, 11:44 AM
Thanks for the reply Charith. Can you point me in the direction of docs which contain examples/explanations of these placeholders?

Charith (Cerbos)

09/19/2023, 12:10 PM
I don't think we have an example in the docs. By placeholder I meant a dummy value. You could set the JWT token string as the user ID value, for instance.