-
|
I'm talking about this https://hasura.io/docs/latest/graphql/core/actions/codegen/python-flask.html#actions-codegen-python-flask Well, I've been working with Hasura for tha last months and I like it a lot but I'm curious about this, cause I implemented that example for a project and the update password allows to anybody to update users password and this is because the endpoint is unprotected, but if I protect it with JWT authorization, from Hasura I can't update the password cause it asks for Authorization header, so, I hope you can help on this. Thanks in advance |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Instead of using JWT auth with your action handler, try a secret password that you pass via headers https://hasura.io/docs/latest/graphql/core/actions/action-handlers.html#restrict-access-to-your-action-handler |
Beta Was this translation helpful? Give feedback.
-
This was true since the very beginning. I learned a few days after this that you can use some header like using an API key. Thank you for your comment. p.s I know I'm late. |
Beta Was this translation helpful? Give feedback.
Instead of using JWT auth with your action handler, try a secret password that you pass via headers https://hasura.io/docs/latest/graphql/core/actions/action-handlers.html#restrict-access-to-your-action-handler