Authentication inside GraphQL / Juniper #32
Comments
|
The GraphQL specification doesn’t tell you how to do authentication or authorization. It can be a bit confusing to developers who are new to GraphQL. I don’t claim to have all the answers, so if you have a different idea or a different opinion, feel free to share that in the comments so we can all learn together!
I am fan of SRP (single responsibility principle), GraphQL for the query, the endpoint for consuming the data and the authentication server for what you know ... Like major compagnies with Oauth ... In my point I don't think it's a good choice to handle it into the graphql endpoints as it is a single endpoint...what you can do if you want to make the full endpoint private? |
|
In the Node.js ecosystem there is good tooling around authorization inside the GraphQL schema itself, to give some examples: I don't have the experience in Rust to give some examples in how I could do it here, but it's specially convenient for the client side to use the same tooling used for the GraphQL schema (Apollo / Relay / urql /gqless, etc...) while doing the authentication process, simply using mutations, instead of hacking around extra logic just for the current_user / login / sign_up / logout. |
|
And it raises another question, how can I expose some parts of the GraphQL Schema of this template to be open without authorization? |
In Node.js GraphQL servers you simply give as context functions that handle the cookies/session to do the authentication, but in this template the authentication is being handled outside of GraphQL, how can I handle it all inside GraphQL? when I try to simply give the actix session stuff it just says it can't be shared between threads.
The text was updated successfully, but these errors were encountered: