Permission Error on Create Tokens FQL Function

I have created this function:

Query(Lambda("x", Create(Tokens(), { instance: Identity() })))

When calling this with token in the header I get this error:

{
  "errors": [
    {
      "message": "Insufficient privileges to perform the action.",
      "extensions": {
        "code": "permission denied"
      }
    }
  ]
}

Thanks for posting here, Fahad.

This is indeed undocumented. The insight here is that Tokens() is actually just a collection. A very special one, but you can do everything with Tokens() that you can do with a regular collection, e.g. Collection('some name'), which you can already see from the code you have posted here:

Query(Lambda("x", Create(Tokens(), { instance: Identity() })))

This syntax is very similar to the one used to create a regular document, right? (You could even add data to a token if you wanted to.)

You can then use that knowledge and apply it to roles. It’s possible to write a role that gives access to create tokens. Do be careful about that since that means he can create tokens on many collections (if you would have multiple types of tokens). An example below from a skeleton application that I will release shortly:

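// Index, Collection and Tokens are FQL functions from the JavaScript driver.
const { Index, Collection, Tokens } = require('faunadb').query

// CreateOrUpdateRole is not a driver function; it is assumed to be a helper
// defined elsewhere in the skeleton application.
const CreateFnRoleLogin = CreateOrUpdateRole({
  name: 'functionrole_login',
  privileges: [
    {
      // look up the account by e-mail address
      resource: Index('accounts_by_email'),
      actions: { read: true }
    },
    {
      // read the matched account document
      resource: Collection('accounts'),
      actions: { read: true }
    },
    {
      // Tokens() is treated like a collection: allow creating token documents
      resource: Tokens(),
      actions: { create: true }
    }
  ]
})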
3 Likes
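
The caution above about granting create on Tokens() can be checked mechanically. The following is an added example, not part of the thread or of the skeleton application: a small audit over role definitions that reports every privilege a role holds on Tokens(). The plain-object resource form, the sample roles and the severity labels are assumptions made for illustration.

```javascript
// Constructed sample roles. Resources are written as plain objects in the form
// the driver is assumed to serialize them to (Tokens() -> { tokens: null }).
const sampleRoles = [
  {
    name: 'functionrole_login',
    privileges: [
      { resource: { index: 'accounts_by_email' }, actions: { read: true } },
      { resource: { collection: 'accounts' }, actions: { read: true } },
      { resource: { tokens: null }, actions: { create: true } }
    ]
  },
  {
    name: 'role_all_token_actions', // hypothetical over-broad role
    privileges: [
      { resource: { tokens: null },
        actions: { create: true, read: true, write: true, delete: true } }
    ]
  }
];

const isTokens = (resource) =>
  resource !== null && typeof resource === 'object' && 'tokens' in resource;

// Returns one finding per privilege that targets Tokens().
function auditTokenPrivileges(roles) {
  const findings = [];
  for (const role of roles) {
    for (const priv of role.privileges || []) {
      if (!isTokens(priv.resource)) continue;
      const actions = priv.actions || {};
      const names = Object.keys(actions).sort();
      // `true` is an unconditional grant; any other truthy value is a predicate.
      const unconditional = names.filter((a) => actions[a] === true);
      const conditional = names.filter((a) => actions[a] && actions[a] !== true);
      const extra = unconditional.filter((a) => a !== 'create');
      findings.push({
        role: role.name,
        unconditional,
        conditional,
        // Unconditional create can mint a token for any document (review it);
        // read/write/delete also expose other identities' token documents.
        severity: extra.length > 0 ? 'high' : unconditional.length > 0 ? 'review' : 'info'
      });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditTokenPrivileges(sampleRoles), null, 2));
```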

What about Login? Do I need to give permissions to create as well if I am using Login instead of Create(Token(), ...)?

Regardless of whether I choose

  • Create(Tokens(), { instance: Var('account') })
  • or Login(Var('account'), { password: Var('password') })

I keep getting the freaking Insufficient privileges to perform the action. Giving Tokens() all possible permissions doesn’t help: