Authentication & Authorization in GraphQL

- GraphQL Overview
- GraphQL Tooling with Apollo
- Authentication & Authorization in GraphQL
- GraphQL for the next billion users

Otemuyiwa Prosper

June 15, 2018

  1. Slide 12: How do we fetch data effectively & fast? Okay Prosper, what will save us? (BuzzJS NYC 2018)
  2. Slide 16: Construct a query on the client to fetch data. Fetch whatever data you want at once!
  3. Slide 25: Manage local State. Request for local data with @client directive: github.com/apollographql/apollo-link-state
  4. Slide 38: Context Object? Oh Yeah! The context object is passed to every single resolver at every level.
  5. Slide 40: Resolver Level Auth. Resolvers have the ability to check user roles or scopes and make authorization decisions.
  6. Slide 42: Resolver Level Auth. Repetitive? ...the approach is great but imagine doing this check for every resolver. Ah!
  7. Slide 53: Custom Directives. Custom directives can be used for a lot of things: auth, error tracking, translation, etc.
  8. Slide 57: Auth. outside GraphQL. If your REST API already has authorization baked in, why bother implementing on the GraphQL level?
  9. Slide 63: GraphQL for the next Billion Users. Sign up for Early Access: apollographql.com/edge
  10. Slide 64: More Information on Auth.
      - GraphQL & Apollo: apollographql.com/docs
      - JWT Book: auth0.com/resources/ebooks/jwt-handbook
      - Authentication & Authorization: auth0.com/blog
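
The context object and resolver-level checks from the slides above, shown as an added example that is not taken from the deck: authentication happens once while building the context, and a wrapper removes the repeated per-resolver check. All names (`SESSIONS`, `buildContext`, `requireRole`, `execute`) are hypothetical, the token table is constructed and stands in for real token verification, and no GraphQL library is used.

```javascript
// Added example, plain JavaScript. Resolvers keep the (parent, args, context, info)
// signature. All names and sample data here are hypothetical / constructed.
const SESSIONS = new Map([ // stand-in for real token verification (e.g. a JWT check)
  ['token-admin', { id: 1, roles: ['ADMIN'] }],
  ['token-user', { id: 2, roles: ['USER'] }],
]);

// Authentication: runs once per request and builds the context object
// that is then passed to every resolver.
function buildContext(req) {
  const header = (req.headers && req.headers.authorization) || '';
  const token = header.startsWith('Bearer ') ? header.slice(7) : null;
  return { user: SESSIONS.get(token) || null };
}

class AuthError extends Error {
  constructor(code) { super(code); this.code = code; }
}

// Authorization: wrap a resolver once instead of repeating the check in each body.
// Fails closed: no user -> UNAUTHENTICATED, missing role -> FORBIDDEN.
const requireRole = (role) => (resolver) => (parent, args, context, info) => {
  if (!context || !context.user) throw new AuthError('UNAUTHENTICATED');
  if (!context.user.roles.includes(role)) throw new AuthError('FORBIDDEN');
  return resolver(parent, args, context, info);
};

const resolvers = {
  Query: {
    // Resolver-level check written inline (the repetitive form).
    me: (parent, args, context) => {
      if (!context.user) throw new AuthError('UNAUTHENTICATED');
      return { id: context.user.id };
    },
    // The same decision expressed through the wrapper.
    allUsers: requireRole('ADMIN')(() => [...SESSIONS.values()].map((u) => ({ id: u.id }))),
  },
};

// Demo helper: call one Query field as a server would; return data or an error code.
function execute(field, req) {
  try {
    return { data: resolvers.Query[field](null, {}, buildContext(req), null) };
  } catch (err) {
    if (err instanceof AuthError) return { error: err.code };
    throw err;
  }
}
```

An unknown or missing token produces `user: null`, so every wrapped resolver rejects the request without any further per-resolver code.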