Skip to content

Commit

Permalink
[pg_session_jwt] Improves the README's top level description (#12)
Browse files Browse the repository at this point in the history 
CC @conradludgate @bgrenon
  • Loading branch information
@davidgomes
davidgomes authored Oct 9, 2024
1 parent 3f6b7a9 commit fdce94b
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,19 @@
pg\_session\_jwt
================

`pg_session_jwt` is a PostgreSQL extension designed to handle JSON Web Tokens (JWT) within PostgreSQL sessions. It provides utilities to manage JWT-based authentication and user sessions securely in the database.
`pg_session_jwt` is a PostgreSQL extension designed to handle authenticated sessions through a JWT. This JWT is then verified against a JWK (JSON Web Key) to ensure its authenticity. Both the JWK and the JWT must be provided to the extension by a Postgres superuser. The extension then stores the JWT in the database for later retrieval, and exposes functions to retrieve the user ID (the `sub` subject field) and other parts of the payload.

The goal of this extension is to provide a secure and efficient way to manage authenticated sessions in a PostgreSQL database. The JWTs can be generated by third-party auth providers, and then developers can leverage the JWT for [Row Level Security](https://www.postgresql.org/docs/current/ddl-rowsecurity.html) (RLS) policies, or to retrieve the user ID for other purposes (column defaults, filters, etc.).

> [!WARNING]
> This extension is under active development. The entire API is subject to change.
Features
--------

* **Initialize JWT sessions** using a JWKS (JSON Web Key Set).
* **Initialize JWT sessions** using a JWK (JSON Web Key).

* **Retrieve the user ID** or session-related information directly from the database.
* **Retrieve the user ID** or other session-related information directly from the database.

* Simple JSONB-based storage and retrieval of session information.

Expand All @@ -20,9 +22,9 @@ Usage

`pg_session_jwt` exposes four main functions:

### 1\. auth.init(kid bigint, jwks jsonb) → void
### 1\. auth.init(kid bigint, jwk jsonb) → void

Initializes a session with a given key identifier (KID) and JWKS data in JSONB format.
Initializes a session with a given key identifier (KID) and JWK data in JSONB format.

### 2\. auth.jwt\_session\_init(jwt text) → void

Expand Down

0 comments on commit fdce94b

Please sign in to comment.