Extensions
Extensions allow to extend the system's behaviour with custom logic. Quasr allows you to run your own custom code to respond to platform events (such as account creation, OTP, data capture, ...) or add custom claims to ID and/or access tokens. Both use case differ in their integration pattern, responding to platform events is async, while adding custom claims to tokens is synchronous.
Quasr currently only supports the following programming languages/frameworks for extensions:
Node.js 22 in JavaScript on AWS Lambda
Synchronous vs Asynchronous
Run as part of request; time-sensitive
Run outside of requests; not time-sensitive
Current use cases: - add custom claims to ID token - add custom claims to access token - modify granted scopes in access token
Current use cases: - respond to API calls - respond to resource creation - respond to resource updates - respond to resource deletion - respond to input capture (username / OTP) - respond to claims capture (federation) - respond to communication (send OTP) - respond to authentication events - respond to authorization events
Configured as part of resource: - client configuration
Configured as part of extension: - rule configuration
Tenant Administration UI
A code extension can be created and configured through the Tenant Admin UI > Extensions > Code Extensions.
It is currently not possible to update extensions (besides their label and status). The Tenant Admin UI may give the impression but it does not update the extension. If you want to change the code and/or rule of an extension you hence have to create a new one with the desired code and/or rule.
API
Code Extensions can also be created and configured through the Admin API, see Postman Collection and GraphQL Voyager.
The code must be provided in Base64 encoded format.
GraphQL Example
// GraphQL Query (Sample)
mutation createExtension ($input: CreateExtensionInput!) {
createExtension (input: $input) {
id
}
}
// GraphQL Variables (Sample)
{
"input": {
"label": "My Code Extension",
"code": "ZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGhhbmRsZXIoKSB7IHJldHVybiB7IG1hZ2ljOiAndGVzdCcgfX0="
}
}
// Response (Sample)
{
"data": {
"createExtension": {
"id": "8bde5565-7027-4232-8db8-3f3ca1acaeac"
}
}
}NodeJs - Axios Example
var axios = require('axios');
var data = JSON.stringify({
query: `mutation createExtension ($input: CreateExtensionInput!) {
createExtension (input: $input) {
id
}
}`,
variables: {
"input": {
"label": "My Code Extension",
"code": "ZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGhhbmRsZXIoKSB7IHJldHVybiB7IG1hZ2ljOiAndGVzdCcgfX0="
}
}
});
var config = {
method: 'post',
url: 'https://{tenant_id}.api.quasr.io/graphql',
headers: {
'Authorization': 'Bearer ACCESS_TOKEN_WITH_ADMIN_SCOPE',
'Content-Type': 'application/json'
},
data : data
};
axios(config)
.then(function (response) {
console.log(JSON.stringify(response.data));
})
.catch(function (error) {
console.log(error);
});Build
You can query the status by using getExtension and looking for the build status. Once the build has started it will say STARTED and once finished it will be either SUCCEEDED or FAILED. In case your extension build succeeded your extension status will change to ENABLED, else it will become DISABLED.
You are limited to 5 enabled code extensions per tenant. When your extension is initially deployed it will be valid for 1 day, in which time you must successfully run the extension or it will expire. Afterwards it will expire after an inactivity window of 30 days.
You provide code for a Nodejs 22 AWS Lambda function in JavaScript. The main function must be called handler (for more information please study AWS Lambda documentation here).
Below the package.json we use during build hence no imports are allowed.
{} // no importsManagement API for Extensions
see GraphQL Voyager
Last updated