NpgsqlRest

Appearance

Comments
Written with Claude
IMPORTANT

As you may notice, this page and pretty much the entire website were obviously created with the help of AI. I wonder how you could tell? Was it a big "Written With Claude" badge on every page? I moved it to the top now (with the help of AI of course) to make it even more obvious. There are a few blogposts that were written by me manually, the old-fashioned way, I hope there will be more in the future, and those have a similar "Human Written" badge. This project (not the website), on the other hand, is a very, very different story. It took me more than two years of painstaking and unpaid work in my own free time. A story that, hopefully, I will tell someday. But meanwhile, what would you like me to do? To create a complex documentation website with a bunch of highly technical articles with the help of AI and fake it, to give you an illusion that I also did that manually? Like the half of itnernet is doing at this point? How does that makes any sense? Is that even fair to you? Or maybe to create this website manually, the old-fashioned way, just for you? While working a paid job for a salary, most of you wouldn't even get up in the morning. Would you like me to sing you a song while we're at it? For your personal entertainment? Seriously, get a grip. Do you find this information less valuable because of the way this website was created? I give my best to fix it to keep the information as accurate as possible, and I think it is very accurate at this point. If you find some mistakes, inaccurancies or problems, there is a comment section at the bottom of every page, which I also made with the help of the AI. And I woould very much appreciate if you leave your feedback there. Look, I'm just a guy who likes SQL, that's all. If you don't approve of how this website was constructed and the use of AI tools, I suggest closing this page and never wever coming back. And good riddance. And I would ban your access if I could know how. Thank you for your attention to this matter.

Claims Mapping

Configure how authenticated user claims are mapped to PostgreSQL context variables and function parameters.

Overview

json
json
{
  "NpgsqlRest": {
    "AuthenticationOptions": {
      "UseUserContext": false,
      "ContextKeyClaimsMapping": {
        "request.user_id": "user_id",
        "request.user_name": "user_name",
        "request.user_roles": "user_roles"
      },
      "ClaimsJsonContextKey": null,
      "IpAddressContextKey": "request.ip_address",
      "UseUserParameters": false,
      "ParameterNameClaimsMapping": {
        "_user_id": "user_id",
        "_user_name": "user_name",
        "_user_roles": "user_roles"
      },
      "ClaimsJsonParameterName": "_user_claims",
      "IpAddressParameterName": "_ip_address"
    }
  }
}

User Context (PostgreSQL Context Variables)

Map authenticated user claims to PostgreSQL session context variables. Enable for specific endpoints using the user_context annotation, or enable globally with UseUserContext.

SettingTypeDefaultDescription
UseUserContextboolfalseEnable automatic claim-to-context mapping for all endpoints. Override per-endpoint with user_context annotation.
ContextKeyClaimsMappingobject(see below)Map of PostgreSQL context keys to claim names. Key is the context variable name, value is the claim type.
ClaimsJsonContextKeystringnullContext key for all claims serialized as JSON. Set to "request.user_claims" to enable.
IpAddressContextKeystring"request.ip_address"Context key for client IP address.

Default Context Mapping

json
json
{
  "ContextKeyClaimsMapping": {
    "request.user_id": "user_id",
    "request.user_name": "user_name",
    "request.user_roles": "user_roles"
  }
}

Custom Context Mapping Example

Map additional claims to custom context keys:

json
json
{
  "ContextKeyClaimsMapping": {
    "request.user_id": "user_id",
    "request.user_name": "user_name",
    "request.user_roles": "user_roles",
    "request.user_email": "email",
    "request.tenant_id": "tenant_id"
  },
  "ClaimsJsonContextKey": "request.user_claims"
}

Access in PostgreSQL

sql
sql
-- Access individual claims
select current_setting('request.user_id', true);
select current_setting('request.user_name', true);
select current_setting('request.user_roles', true);

-- Access client IP address
select current_setting('request.ip_address', true);

-- Access all claims as JSON (when ClaimsJsonContextKey is configured)
select current_setting('request.user_claims', true)::jsonb;

TIP

Always use true as the second parameter to current_setting() to avoid errors when the setting doesn't exist.

User Parameters

Map authenticated user claims to function parameters. Enable for specific endpoints using the user_parameters annotation, or enable globally with UseUserParameters.

SettingTypeDefaultDescription
UseUserParametersboolfalseEnable automatic claim-to-parameter mapping for all endpoints. Override per-endpoint with user_parameters annotation.
ParameterNameClaimsMappingobject(see below)Map of function parameter names to claim names. Key is the parameter name, value is the claim type.
ClaimsJsonParameterNamestring"_user_claims"Parameter name that receives all claims serialized as JSON.
IpAddressParameterNamestring"_ip_address"Parameter name that receives the client IP address.

Default Parameter Mapping

json
json
{
  "ParameterNameClaimsMapping": {
    "_user_id": "user_id",
    "_user_name": "user_name",
    "_user_roles": "user_roles"
  }
}

Custom Parameter Mapping Example

Map additional claims to custom parameter names:

json
json
{
  "ParameterNameClaimsMapping": {
    "_user_id": "user_id",
    "_user_name": "user_name",
    "_user_roles": "user_roles",
    "_email": "email",
    "_tenant": "tenant_id"
  },
  "ClaimsJsonParameterName": "_user_claims",
  "IpAddressParameterName": "_ip_address"
}

Example Function Using Parameters

sql
sql
create function get_user_data(
    _user_id text,
    _user_name text,
    _user_roles text[],
    _ip_address text,
    _user_claims json
)
returns table (
    user_id int,
    user_name text,
    roles text[],
    ip text,
    all_claims json
)
language sql
begin atomic;
select
    _user_id::int,
    _user_name,
    _user_roles,
    _ip_address,
    _user_claims;
end;

comment on function get_user_data(text, text, text[], text, json) is '
@authorize
@user_params
';

TIP

Parameters with default values can be used without authentication. When the user is authenticated, claim values override the defaults.

Complete Example

Configuration with user context and parameters enabled:

json
json
{
  "NpgsqlRest": {
    "AuthenticationOptions": {
      "UseUserContext": true,
      "ContextKeyClaimsMapping": {
        "request.user_id": "user_id",
        "request.user_name": "user_name",
        "request.user_roles": "user_roles"
      },
      "IpAddressContextKey": "request.ip_address",
      "UseUserParameters": true,
      "ParameterNameClaimsMapping": {
        "_user_id": "user_id",
        "_user_name": "user_name",
        "_user_roles": "user_roles"
      },
      "ClaimsJsonParameterName": "_user_claims",
      "IpAddressParameterName": "_ip_address"
    }
  }
}

Next Steps

Comments