Skip to content

Commit

Permalink
docs: add extension and fix link
Browse files Browse the repository at this point in the history
  • Loading branch information
danieltprice committed Oct 30, 2024
1 parent d08d993 commit d5a3b0e
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 1 deletion.
2 changes: 2 additions & 0 deletions content/docs/extensions/extensions-intro.md
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,8 @@ Explore supported Postgres extensions by category. Also see:

<DetailIconCards>

<a href="/docs/guides/neon-authorize#how-the-pgsessionjwt-extension-works" description="Enables RLS policies to verify user identity directly within SQL queries" icon="check">pg_session_jwt</a>

<a href="https://www.postgresql.org/docs/16/pgcrypto.html" description="Offers cryptographic functions, allowing for encryption and hashing of data within Postgres" icon="check">pgcrypto</a>

<a href="https://github.com/michelp/pgjwt" description="Implements JSON Web Tokens (JWT) in Postgres, allowing for secure token creation and verification" icon="check">pgjwt</a>
Expand Down
1 change: 1 addition & 0 deletions content/docs/extensions/pg-extensions.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ Postgres 17, released in September 2024, currently lacks support for several ext
| [pg_partman](https://github.com/pgpartman/pg_partman) | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 | |
| [pg_prewarm](/docs/extensions/pg_prewarm) | 1.2 | 1.2 | 1.2 | 1.2 | |
| [pg_roaringbitmap](https://github.com/ChenHuajun/pg_roaringbitmap) | 0.5 | 0.5 | 0.5 | 0.5 | Install with `CREATE EXTENSION roaringbitmap;` |
| [pg_session_jwt](/docs/guides/neon-authorize#how-the-pgsessionjwt-extension-works) | 0.1.2 | 0.1.2 | 0.1.2 | - | |
| [pg_stat_statements](/docs/extensions/pg_stat_statements) | 1.9 | 1.10 | 1.10 | 1.11 | |
| [pg_tiktoken](/docs/extensions/pg_tiktoken) | 0.0.1 | 0.0.1 | 0.0.1 | - | The [neon_superuser](/docs/manage/roles#the-neonsuperuser-role) role has `EXECUTE` privilege on the `pg_stat_statements_reset()` function. |
| [pg_trgm](/docs/extensions/pg_trgm) | 1.6 | 1.6 | 1.6 | 1.6 | |
Expand Down
2 changes: 1 addition & 1 deletion content/docs/guides/neon-authorize.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ const sql = neon(process.env.DATABASE_AUTHENTICATED_URL, { authToken: myAuthProv
await sql(`select * from todos`);
```

Behind the scenes, the [Neon Proxy](#the-role-of-the-neon-proxy) performs the validation, while Neon's open source [pg_session_jwt](#how-the-pg_session_jwt-extension-works) extension makes the extracted `user_id` available to Postgres. You can then use **Row-Level Security (RLS)** policies in Postgres to enforce access control at the row level, ensuring that users can only access or modify data according to the defined rules. Since these rules are implemented directly in the database, they can offer a secure fallback — or even a primary authorization solution — in case security in other layers of your application fail. See [when to rely on RLS](#when-to-rely-on-rls) for more information.
Behind the scenes, the [Neon Proxy](#the-role-of-the-neon-proxy) performs the validation, while Neon's open source [pg_session_jwt](/docs/guides/neon-authorize#how-the-pgsessionjwt-extension-works) extension makes the extracted `user_id` available to Postgres. You can then use **Row-Level Security (RLS)** policies in Postgres to enforce access control at the row level, ensuring that users can only access or modify data according to the defined rules. Since these rules are implemented directly in the database, they can offer a secure fallback — or even a primary authorization solution — in case security in other layers of your application fail. See [when to rely on RLS](#when-to-rely-on-rls) for more information.

![neon authorize architecture](/docs/guides/neon_authorize_architecture.png)

Expand Down

0 comments on commit d5a3b0e

Please sign in to comment.