Authentication

NodeDB supports multiple authentication methods simultaneously.

Password Auth (SCRAM-SHA-256)

CREATE USER alice WITH PASSWORD 'strong_password';
CREATE USER bob WITH PASSWORD 'secret' ROLE readonly;

psql -h localhost -p 6432 -U alice

API Keys

CREATE API KEY 'my-service' ROLE readwrite;
DROP API KEY 'my-service';

curl -H "Authorization: Bearer <api-key>" http://localhost:6480/query

JWKS (JWT)

Multi-provider support (Auth0, Clerk, Supabase, Firebase, Keycloak, Cognito):

[auth.jwt]
providers = [{ issuer = "https://your-domain.auth0.com/", audience = "your-api" }]

JWT claims map to $auth.* session variables for RLS:

ClaimVariableUsage
sub$auth.idWHERE user_id = $auth.id
role$auth.roleWHERE $auth.role = 'admin'
org_id$auth.org_idWHERE org_id = $auth.org_id
scope$auth.scopesScope-based access control

Supported algorithms: RS256, ES256.

mTLS

[tls]
cert = "/path/to/server.crt"
key = "/path/to/server.key"
client_ca = "/path/to/ca.crt"     # enables mTLS

Auth Priority

  1. mTLS → 2. JWT Bearer → 3. API key → 4. SCRAM-SHA-256
View page sourceLast updated on Apr 18, 2026 by Farhan Syah