@dsek/graphql-auth-directives-unsigned NPM

graphql-auth-directives-unsigned

This is a fork of graphql-auth-directives which does not parse of verify any JWTs. Everything is plain text objects. The authenticity of the claims should be verified before reaching this library! If you don't have a specific need of separating the verification of authenticity from the authorization check, you should use graphql-auth-directives instead!

Add authentication to your GraphQL API with schema directives.

Schema directives for authorization

@isAuthenticated
@hasRole
@hasScope

Quick start

npm install --save graphql-auth-directives-unsigned

Then import the schema directives you'd like to use and attach them during your GraphQL schema construction. For example using neo4j-graphql.js' makeAugmentedSchema:

import { IsAuthenticatedDirective, HasRoleDirective, HasScopeDirective } from "graphql-auth-directives";

const augmentedSchema = makeAugmentedSchema({
  typeDefs,
  schemaDirectives: {
    isAuthenticated: IsAuthenticatedDirective,
    hasRole: HasRoleDirective,
    hasScope: HasScopeDirective
  }
});

The @hasRole, @hasScope, and @isAuthenticated directives will now be available for use in your GraphQL schema:

type Query {
    userById(userId: ID!): User @hasScope(scopes: ["User:Read"])
    itemById(itemId: ID!): Item @hasScope(scopes: ["Item:Read"])
}

Be sure to inject the relevant variables into the GraphQL resolver context. For example, with Apollo Server:

const server = new ApolloServer({
  schema,
  context: ({ req }) => {
    const user = req.headers.user && JSON.parse(req.headers.user);
    return { user };
  }
});

GraphQL authorization neo4j dsek LTH Lund

apollo-errors graphql graphql-tools

@infinitebrahmanuniverse/nolb-_dse @everything-registry/sub-chunk-258

5 years ago

5 years ago

5 years ago

5 years ago

5 years ago

5 years ago