However, most API backends require authentication and authorization. In GraphQL there are many ways to achieve this.
In this article, I’ll discuss one such approach to implement authorization.
The getPosts query does not need an authenticated user. On the other hand, the createPost mutation strictly requires an authenticated user.
The isAuthenticated directive attached to createPost validates the authentication token and, based on the strict flag, throws a GraphQL error if authorization fails.
Using a GraphQL directive to handle authorization has a couple of benefits:
Our token handling code lives in the directive. Thus the resolvers can simply use the fully hydrated user object via context.currentUser.
If needed, we can extend the directive to support role-based authorization by simply accepting another arg: @isAuthenticated(strict: true, roles: ['ADMIN']).
The @isAuthenticated directive is specified next to the fields in schema.graphql, so it's easy to see which APIs require an authenticated user. We are also updating field.description with the 🔑, so it will be visible in the GraphiQL or playground UI. We can also document the roles required to access the API, and so on.
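The directive behaviour described above, as an added example that is not the article's own code: it models the field.resolve wrapping a directive performs without a GraphQL library. SESSIONS, AuthError, applyIsAuthenticated, run and the deletePost field are hypothetical names, and the Bearer Authorization header and opaque session tokens are assumptions.

```javascript
// Constructed session store (opaque token -> user); stands in for real token validation.
const SESSIONS = new Map([
  ['tok-alice', { name: 'alice', roles: ['ADMIN'] }],
  ['tok-bob', { name: 'bob', roles: ['USER'] }],
]);

class AuthError extends Error {
  constructor(message, code) {
    super(message);
    this.extensions = { code }; // GraphQL errors carry codes under `extensions`
  }
}

// Hypothetical helper: wraps field.resolve the way a directive visitor would.
// `field` mimics a graphql-js field object: { description, resolve }.
function applyIsAuthenticated(field, { strict = false, roles = [] } = {}) {
  const original = field.resolve;
  const required = strict || roles.length > 0; // a role list implies a user: fail closed
  if (required) {
    const tag = roles.length ? `🔑 (${roles.join(', ')})` : '🔑';
    field.description = `${tag} ${field.description || ''}`.trim();
  }
  field.resolve = (parent, args, context, info) => {
    const header = (context.headers && context.headers.authorization) || '';
    const match = /^Bearer (\S+)$/.exec(header);
    const user = match ? SESSIONS.get(match[1]) : undefined;
    if (!user && required) throw new AuthError('Not authenticated', 'UNAUTHENTICATED');
    if (user && roles.length && !roles.some((r) => user.roles.includes(r))) {
      throw new AuthError('Insufficient role', 'FORBIDDEN');
    }
    // Fresh context per call so one request's user never leaks into another.
    return original(parent, args, { ...context, currentUser: user || null }, info);
  };
  return field;
}

const getPosts = applyIsAuthenticated({ description: 'List posts',
  resolve: (_p, _a, ctx) => ({ viewer: ctx.currentUser ? ctx.currentUser.name : null }) });
const createPost = applyIsAuthenticated({ description: 'Create a post',
  resolve: (_p, args, ctx) => ({ title: args.title, author: ctx.currentUser.name }) },
  { strict: true });
const deletePost = applyIsAuthenticated({ description: 'Delete a post',
  resolve: (_p, args) => ({ deleted: args.id }) }, { strict: true, roles: ['ADMIN'] });

// Invoke a field as the executor would; report the error code instead of throwing.
function run(field, authorization, args = {}) {
  try { return field.resolve(null, args, { headers: { authorization } }, null); }
  catch (e) { return { error: e.extensions ? e.extensions.code : e.message }; }
}
```

An unknown or malformed token is treated the same as a missing one, so a non-strict field still resolves with currentUser set to null while a strict field is rejected before its resolver runs.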
Agree? Disagree? Questions? Just let me know here in the comments. And if you’ve enjoyed this article, please consider 💖ing and sharing it!