
HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE | MANDI WISE | GRAPHQL SUMMIT 2020 - PowerPoint PPT Presentation



  1. HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | GRAPHQL SUMMIT 2020

  2. AGENDA
     - Authentication
     - Authorization
     - Federation

  3. AUTH
     - AUTHENTICATION: you are who you say you are
     - AUTHORIZATION: you can do what you want to do

  4. AUTHENTICATION: YOU ARE WHO YOU SAY YOU ARE

  5. STARTING POINT
     - We don’t want to lock down our entire GraphQL endpoint (unauthenticated requests still reach public fields)
     - We’re going to use JSON Web Tokens (JWTs) for auth
     - We’ll use Express with Apollo Server

  6. Example token (slides 6-9 highlight its header, payload and signature in turn):
     eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwczovL3NwYWNlYXBpLmNvbS9ncmFwaHFsIjp7InJvbGVzIjpbImFzdHJvbmF1dCJdLCJwZXJtaXNzaW9ucyI6WyJyZWFkOm93bl91c2VyIl19LCJpYXQiOjE1OTQyNTI2NjMsImV4cCI6MTU5NDMzOTA2Mywic3ViIjoiNjc4OTAifQ.Z1JPE53ca1JaxwDTlnofa3hwpS0PGdRLUMIrC7M3FCI
     Decoded: header {"alg":"HS256","typ":"JWT"}; payload {"https://spaceapi.com/graphql":{"roles":["astronaut"],"permissions":["read:own_user"]},"iat":1594252663,"exp":1594339063,"sub":"67890"}; the third segment is the HMAC-SHA256 signature.


  10. DEMO TIME…

  11. AUTHORIZATION: YOU CAN DO WHAT YOU WANT TO DO


  13. A FEW OPTIONS
     - Handle auth logic directly in each resolver function
     - Create custom directives (e.g. @auth(requires: DIRECTOR))
     - Wrap resolver functions (e.g. GraphQL Auth)
     - Abstract auth rules into middleware (e.g. GraphQL Shield)

  14. NOW DO FEDERATION

  15. SUMMING UP
     - Handle incoming tokens in the context
     - A viewer query can be an entry point for authenticated users
     - Keep explicit authorization checks out of resolver functions
     - Forward the header from the gateway API using buildService
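To tie the authorization and federation points together, here is an added example (not code from the talk's demo repositories) of the "abstract auth rules into middleware" option from slide 13 in the spirit of GraphQL Shield: a permission map keyed by `Type.field` wraps plain resolvers, so the resolvers themselves carry no checks, fields with no rule stay public, and `Query.viewer` serves as the entry point for the authenticated caller. It assumes the context shape `{ user: { id, roles, permissions } | null }` and a constructed user table. The last function mirrors the gateway side: its body is what goes into a `RemoteGraphQLDataSource`'s `willSendRequest` hook returned from `ApolloGateway`'s `buildService`, with a `Map` standing in for the request's `Headers` object so it runs without the gateway package.

```javascript
// Added example: keep authorization rules out of resolver bodies by wrapping
// resolvers from a "Type.field" permission map (GraphQL Shield style), plus the
// gateway-side header forwarder. Context shape and user table are assumptions.

class AuthError extends Error {
  constructor(message) { super(message); this.name = 'AuthError'; }
}

// A rule is (parent, args, context) => boolean. Compose rules instead of
// copying the same checks into every resolver.
const isAuthenticated = (_p, _a, ctx) => ctx.user != null;
const hasRole = (role) => (p, a, ctx) => isAuthenticated(p, a, ctx) && ctx.user.roles.includes(role);
const hasPermission = (perm) => (p, a, ctx) =>
  isAuthenticated(p, a, ctx) && ctx.user.permissions.includes(perm);
const isSelf = (p, args, ctx) => isAuthenticated(p, args, ctx) && args.id === ctx.user.id;
const anyOf = (...rules) => (p, a, ctx) => rules.some((rule) => rule(p, a, ctx));

// Wrap a resolver so the rule runs first; a denial never reaches the resolver.
function guard(rule, resolver) {
  return (parent, args, ctx, info) => {
    if (!rule(parent, args, ctx)) throw new AuthError('Not authorized');
    return resolver(parent, args, ctx, info);
  };
}

// Apply the permission map to a resolver map. Fields without a rule stay
// public, which is the "don't lock down the whole endpoint" default.
function applyPermissions(resolvers, permissions) {
  const secured = {};
  for (const [type, fields] of Object.entries(resolvers)) {
    secured[type] = {};
    for (const [field, resolver] of Object.entries(fields)) {
      const rule = permissions[type] && permissions[type][field];
      secured[type][field] = rule ? guard(rule, resolver) : resolver;
    }
  }
  return secured;
}

// Constructed data: an astronaut and a director.
const users = {
  '67890': { id: '67890', name: 'Mae' },
  '11111': { id: '11111', name: 'Gene' },
};
const missions = [{ id: 'm1', name: 'Artemis' }];

// Plain resolvers: no auth logic inside them.
const resolvers = {
  Query: {
    viewer: (_p, _a, ctx) => users[ctx.user.id] || null, // entry point for the caller's own data
    user: (_p, { id }) => users[id] || null,
    missions: () => missions,                             // public, no rule below
  },
  Mutation: {
    assignMission: (_p, { userId, missionId }) => ({ userId, missionId }),
  },
};

const permissions = {
  Query: {
    viewer: isAuthenticated,
    user: anyOf(isSelf, hasPermission('read:any_user')),
  },
  Mutation: { assignMission: hasRole('director') },
};

const secured = applyPermissions(resolvers, permissions);

// Gateway side (federation): forward the caller's Authorization header to each
// subgraph so it can build its own context. Same shape as the Apollo hook;
// `request.http.headers` is a Map here in place of the real Headers object.
function willSendRequest({ request, context }) {
  if (context.authorization) {
    request.http.headers.set('authorization', context.authorization);
  }
  return request;
}

// Try a field and return its value, or the error name on denial.
function call(type, field, args, ctx) {
  try {
    return secured[type][field](null, args, ctx, {});
  } catch (e) {
    return e.name;
  }
}
```

In the real gateway the `context` passed to `willSendRequest` is whatever the gateway's own Apollo Server `context` function returned, so it must copy `req.headers.authorization` into it; forgetting that leaves every subgraph seeing an anonymous caller.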

  16. SHOW ME THE CODE!
     - https://github.com/mandiwise/basic-apollo-auth-demo
     - https://github.com/mandiwise/apollo-federation-auth-demo
     - https://github.com/mandiwise/graphql-magic-auth-demo

  17. THANKS! TWITTER & GITHUB: @MANDIWISE
