Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Authentication & Authorization in GraphQL

Avatar for Otemuyiwa Prosper Otemuyiwa Prosper
June 15, 2018
Programming
5
2k

Authentication & Authorization in GraphQL

- GraphQL Overview
- GraphQL Tooling with Apollo
- Authentication & Authorization in GraphQL
- GraphQL for the next billion users
Avatar for Otemuyiwa Prosper

Otemuyiwa Prosper

June 15, 2018
Tweet

More Decks by Otemuyiwa Prosper

See All by Otemuyiwa Prosper
A.I (Artificial Intelligence) for the rest of us
Avatar for Otemuyiwa Prosper unicodeveloper
2
550
The Complete Guide to building In-App Notifications in Web Apps
Avatar for Otemuyiwa Prosper unicodeveloper
0
310
The Golden Ticket: Becoming a Superstar & Impactful Open Source Contributor
Avatar for Otemuyiwa Prosper unicodeveloper
0
130
Optimizing Developer Workflow with Sourcegraph
Avatar for Otemuyiwa Prosper unicodeveloper
0
180
Code Search with Laravel and Sourcegraph
Avatar for Otemuyiwa Prosper unicodeveloper
1
320
Lightning Talk - JAMStack
Avatar for Otemuyiwa Prosper unicodeveloper
0
740
Engineering Faster Web Experiences in Plain Sight
Avatar for Otemuyiwa Prosper unicodeveloper
0
240
Authentication & Authorization in Next.js
Avatar for Otemuyiwa Prosper unicodeveloper
3
820
webpack 4: Lighting the fire
Avatar for Otemuyiwa Prosper unicodeveloper
3
560

Other Decks in Programming

See All in Programming
GitHub Copilot for Azureを使い倒したい
Avatar for Kento.Yamada ymd65536
1
330
Cursorを活用したAIプログラミングについて 入門
Avatar for 株式会社レクト rect
0
230
20250426 GDGoC 合同新歓 - GDGoC のススメ
Avatar for Yoshimura Naoya getty708
0
110
Serving TUIs over SSH with Go
Avatar for Carlos Alexandro Becker caarlos0
0
720
Embracing Ruby magic
Avatar for Vinicius Stock vinistock
2
260
私のRubyKaigi 2025 Kaigi Effect / My RubyKaigi 2025 Kaigi Effect
Avatar for chobishiba chobishiba
1
130
flutter_kaigi_mini_4.pdf
Avatar for Hiroki Nobuta nobu74658
0
150
AWS Summit Hong Kong 2025: Reinventing Programming - How AI Transforms Our Enterprise Coding Approach
Avatar for Ernest Chiang dwchiang
0
140
“技術カンファレンスで何か変わる?” ──RubyKaigi後の自分とチームを振り返る
Avatar for shun ssagara00
0
120
Cursor/Devin全社導入の理想と現実
Avatar for Ryoichi Saito saitoryc
29
22k
オープンソースコントリビュート入門
Avatar for katsuma _katsuma
0
130
「MCPを使ってる人」が より詳しくなるための解説
Avatar for Kota-Yamaguchi yamaguchidesu
0
220

Featured

See All Featured
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
53k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.3k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
336
57k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
KATA
Avatar for Megan Lloyd mclloyd
29
14k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
205
24k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.7k
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
6.5k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
32
2.3k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
75
5.8k

Transcript

  1. AUTHENTICATION & AUTHORIZATION in GraphQL PROSPER OTEMUYIWA | BuzzJS NYC

    2018

  2. 2 A LITTLE ABOUT ME! BuzzJS NYC 2018

  3. LAGOS, NIGERIA 3 HOME CITIZEN & RESIDENT OF

  4. PRINCIPAL JOLLOF RICE ADVOCATE 4 A NIGERIAN MOUTH-WATERING DELICACY. TRY

    IT TODAY!

  5. COMMUNITY DEVELOPER ADVOCATE 5 forloop Africa Laravel Nigeria Angular Nigeria

  6. OPEN SOURCE ENGINEER / DEVELOPER ADVOCATE 6 @unicodeveloper

  7. 7 Look at all the data! Where do I start

    from? BuzzJS NYC 2018

  8. How many clients will consume this data? 8 BuzzJS NYC

    2018

  9. 9 BuzzJS NYC 2018

  10. What’s an effective way to fetch this data? 10 REST

    BuzzJS NYC 2018

  11. 11 REST is great but... ▰ ▰ ▰ ▰ BuzzJS

    NYC 2018

  12. How do we fetch data effectively & fast? 12 Okay

    Prosper, what will save us? BuzzJS NYC 2018

  13. 13 BuzzJS NYC 2018 Source: https://goo.gl/AvC3Yg

  14. What’s GraphQL? 14 ▰ ▰ ▰ BuzzJS NYC 2018

  15. 15 BuzzJS NYC 2018 Build a Schema on the Server

  16. 16 BuzzJS NYC 2018 Construct a query on the client

    to fetch data Fetch whatever data you want at once!

  17. 17 Data sent back to the Client BuzzJS NYC 2018

  18. 18 BuzzJS NYC 2018 GraphQL Playground: Query your Schemas

  19. “ 19 19

  20. Build the Schema & GraphQL Server with Apollo Server 20

  21. Build the Schema & GraphQL Server 21 apollographql.com/docs/apollo-server/v2

  22. “ 22 22

  23. Data Fetching With Apollo Client 23 Fetch data declaratively

  24. State Management with Apollo Link State 24

  25. Manage local State 25 Request for local data with @client

    directive github.com/apollographql/apollo-link-state

  26. Use the Client to query efficiently 26 apollographql.com/docs/react

  27. “ 27 27

  28. APOLLO ENGINE - New Relic for GraphQL 28

  29. APOLLO ENGINE - QUERY & SCHEMA ANALYSIS 29

  30. 30 APOLLO ENGINE apollographql.com/engine apollographql.com/docs/engine

  31. 31

  32. Authentication & Authorization 32 BuzzJS NYC 2018

  33. AUTHENTICATION & AUTHORIZATION 33 ...DIFFERENT WAYS OF GOING ABOUT THIS!

  34. 34 Typical REST API authentication middleware

  35. AUTHENTICATION & AUTHORIZATION 35 ...how can we achieve this in

    GraphQL?

  36. GENERAL: BUILD THE CONTEXT OBJECT 36 ..build the context object

    with info from the request headers.

  37. 37 ...now we have context.user

  38. Context Object? Oh Yeah! 38 The context object is passed

    to every single resolver at every level.

  39. Resolver Level Auth. 39 1

  40. Resolver Level Auth. 40 Resolvers have the ability to check

    user roles or scopes and make authorization decisions.

  41. 41 ...Allow access for this particular user

  42. Resolver Level Auth. Repetitive? 42 ...the approach is great but

    imagine doing this check for every resolver. Ah!

  43. Resolver Level Auth. Abstract the code. 43 Write once, call

    it anywhere & everywhere.

  44. 44

  45. ▰ ▰ ▰ ▰ Apollo Server 2.0 RC

  46. More Info on Error Handling: apollographql.com/docs/apollo-server/v2/feat ures/errors.html

  47. Auth. Delegation to Models 47 2

  48. Recommendation 48 Clog your resolvers with data fetching and mutation

    logic. Move them to Models.

  49. 49

  50. Recommendation 50 Go ahead and perform the authorization inside the

    Model.

  51. 51

  52. Auth via Custom Directives 52 3

  53. Custom Directives 53 Custom directives can be used for a

    lot of things: auth, error tracking, translation, etc

  54. Custom Directives for Auth 54

  55. Custom Directives for Auth 55 apollographql.com/docs/graphql-tools/ schema-directives.html Implementation detail is

    a little bit complex, but more details can be found in the link below.

  56. Auth. outside GraphQL 56 4

  57. Auth. outside GraphQL 57 If your REST API already has

    authorization baked in, why bother implementing on the GraphQL level?

  58. 58 ...pass the request header, then….

  59. 59 …then pass the header to the model method.

  60. GraphQL for the next Billion Users 60 BuzzJS NYC 2018

  61. GraphQL for the next Billion Users 61 GraphQL on the

    Edge

  62. 62 ▰ ▰ ▰

  63. GraphQL for the next Billion Users 63 Sign up for

    Early Access: apollographql.com/edge

  64. More Information on Auth. 64 GraphQL & Apollo: apollographql.com/docs JWT

    Book: auth0.com/resources/ebooks/jwt-handbook Authentication & Authorization: auth0.com/blog

  65. 65 THANKS! Any questions? BuzzJS NYC 2018