Skip to content
This repository was archived by the owner on Feb 3, 2026. It is now read-only.

Quickstart.md

Latest commit

 

History

History
71 lines (45 loc) · 1.45 KB

Quickstart.md

File metadata and controls

71 lines (45 loc) · 1.45 KB

quickstart

./example/build.sh

usage

kubectl port-forward service/postgrest 30001:3000
kubectl port-forward service/postgrest 30002:8000

anon - unauthenticated default

schema usage is allowed; therefore, basic information can be queried

curl localhost:30001 | jq

but specific data must have permissions granted

curl localhost:30001/notes | jq

peek - short-lived JWT token

Using the keyserver api key, request a short-lived token

export token=$(curl -H "Authorization: Bearer a-string-secret-at-least-256-bits-long" localhost:30002/peek | jq -r '.access_token')

and make a request

curl -H "Authorization: Bearer $token" localhost:30001/notes | jq

view - authenticated by OIDC service

first, obtain a JWT from your OIDC service. The service's JWK must be loaded into the keyserver to verify the token. Then, can view

curl -H "Authorization: Bearer $token" localhost:30001/notes | jq

but not edit

curl -H "Content-Type: application/json" -H "Authorization: Bearer $token" localhost:30001/notes -d '{"note":"meow"}'

edit - authenticated by OIDC service

Now obtain a JWT with the edit role. You can still view

curl -H "Authorization: Bearer $token" localhost:30001/notes | jq

but also edit

curl -H "Content-Type: application/json" -H "Authorization: Bearer $token" localhost:30001/notes -d '{"note":"meow"}'