Back to Blog
Product | Auth | Elevated Permissions

Elevated Permissions

19 February 2024
Posted by
Transparent lines
Banner of Elevated Permissions

Sometimes we want to add an extra layer of security for specific bits of data or certain user workflows like changing a user email or resetting a password.

Elevated Permissions is a new feature from Nhost Auth that allows developers to require an extra validation step using a Security Key.

How does it work?

A new claim x-hasura-auth-elevated: $user-id is added to the access token of an already logged in user once the extra security challenge is passed and it will be available for as long as the access token is valid.


x-hasura-auth-elevated can be used as a Permission Variable to define permissions on your GraphQL data and actions that require the extra security check. In the same way as we would use x-hasura-user-id.

Auth API

Some user information is changed through Auth's API rather then through GraphQL:

  • changing passwords
  • changing emails
  • enabling or disabling MFA
  • adding security keys
  • creating PATs

You can add the extra check for these Auth endpoints and require the elevated claim by setting the following configuration:

mode = 'required'

For more detailed information on Elevated Permissions you can read the documentation or check one of our examples.

Share this post

Twitter LogoLinkedIn LogoFacebook Logo