Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Authentication & Authorization in GraphQL

Otemuyiwa Prosper
June 15, 2018
Programming
5
1.7k

Authentication & Authorization in GraphQL

- GraphQL Overview
- GraphQL Tooling with Apollo
- Authentication & Authorization in GraphQL
- GraphQL for the next billion users

Otemuyiwa Prosper

June 15, 2018
Tweet

More Decks by Otemuyiwa Prosper

See All by Otemuyiwa Prosper
A.I (Artificial Intelligence) for the rest of us
unicodeveloper
1
430
The Complete Guide to building In-App Notifications in Web Apps
unicodeveloper
0
280
The Golden Ticket: Becoming a Superstar & Impactful Open Source Contributor
unicodeveloper
0
120
Optimizing Developer Workflow with Sourcegraph
unicodeveloper
0
160
Code Search with Laravel and Sourcegraph
unicodeveloper
1
270
Lightning Talk - JAMStack
unicodeveloper
0
620
Engineering Faster Web Experiences in Plain Sight
unicodeveloper
0
190
Authentication & Authorization in Next.js
unicodeveloper
3
720
webpack 4: Lighting the fire
unicodeveloper
3
530

Other Decks in Programming

See All in Programming
二郎系ラーメンのコールで学ぶ AST 解析
memory1994
PRO
7
1.7k
Ruby Function Composition
bkuhlmann
1
330
try! Swift Tokyo 初参加報告LT
hinakko2
0
190
Netty Chicago Java User Group 2024-04-17
sullis
0
140
Folding Cheat Sheet #3
philipschwarz
PRO
0
120
Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets
hollycummins
0
220
今の SmartHR にエンジニアで入社するとどうなるの?
daisukeshinoku
5
4.6k
CQRS/ES avec Symfony, c’est (trop) bien !
jeremyfreeagent
1
630
Site Reliability Engineering for GMO
pyama86
6
970
雑に思考を整理する技術と効能
konifar
55
26k
HUIT新歓2024「競技プログラミング、やってみませんか?」
slephy2784
1
250
Folding Cheat Sheet #1
philipschwarz
PRO
0
210

Featured

See All Featured
Agile that works and the tools we love
rasmusluckow
324
20k
Automating Front-end Workflow
addyosmani
1355
200k
For a Future-Friendly Web
brad_frost
171
8.9k
Creatively Recalculating Your Daily Design Routine
revolveconf
209
11k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
356
22k
Imperfection Machines: The Place of Print at Facebook
scottboms
258
12k
Building Effective Engineering Teams - LeadDev
addyosmani
27
1.8k
Large-scale JavaScript Application Architecture
addyosmani
503
110k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
38k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4.4k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
KATA
mclloyd
14
12k

Transcript

  1. AUTHENTICATION & AUTHORIZATION in GraphQL PROSPER OTEMUYIWA | BuzzJS NYC

    2018

  2. 2 A LITTLE ABOUT ME! BuzzJS NYC 2018

  3. LAGOS, NIGERIA 3 HOME CITIZEN & RESIDENT OF

  4. PRINCIPAL JOLLOF RICE ADVOCATE 4 A NIGERIAN MOUTH-WATERING DELICACY. TRY

    IT TODAY!

  5. COMMUNITY DEVELOPER ADVOCATE 5 forloop Africa Laravel Nigeria Angular Nigeria

  6. OPEN SOURCE ENGINEER / DEVELOPER ADVOCATE 6 @unicodeveloper

  7. 7 Look at all the data! Where do I start

    from? BuzzJS NYC 2018

  8. How many clients will consume this data? 8 BuzzJS NYC

    2018

  9. 9 BuzzJS NYC 2018

  10. What’s an effective way to fetch this data? 10 REST

    BuzzJS NYC 2018

  11. 11 REST is great but... ▰ ▰ ▰ ▰ BuzzJS

    NYC 2018

  12. How do we fetch data effectively & fast? 12 Okay

    Prosper, what will save us? BuzzJS NYC 2018

  13. 13 BuzzJS NYC 2018 Source: https://goo.gl/AvC3Yg

  14. What’s GraphQL? 14 ▰ ▰ ▰ BuzzJS NYC 2018

  15. 15 BuzzJS NYC 2018 Build a Schema on the Server

  16. 16 BuzzJS NYC 2018 Construct a query on the client

    to fetch data Fetch whatever data you want at once!

  17. 17 Data sent back to the Client BuzzJS NYC 2018

  18. 18 BuzzJS NYC 2018 GraphQL Playground: Query your Schemas

  19. “ 19 19

  20. Build the Schema & GraphQL Server with Apollo Server 20

  21. Build the Schema & GraphQL Server 21 apollographql.com/docs/apollo-server/v2

  22. “ 22 22

  23. Data Fetching With Apollo Client 23 Fetch data declaratively

  24. State Management with Apollo Link State 24

  25. Manage local State 25 Request for local data with @client

    directive github.com/apollographql/apollo-link-state

  26. Use the Client to query efficiently 26 apollographql.com/docs/react

  27. “ 27 27

  28. APOLLO ENGINE - New Relic for GraphQL 28

  29. APOLLO ENGINE - QUERY & SCHEMA ANALYSIS 29

  30. 30 APOLLO ENGINE apollographql.com/engine apollographql.com/docs/engine

  31. 31

  32. Authentication & Authorization 32 BuzzJS NYC 2018

  33. AUTHENTICATION & AUTHORIZATION 33 ...DIFFERENT WAYS OF GOING ABOUT THIS!

  34. 34 Typical REST API authentication middleware

  35. AUTHENTICATION & AUTHORIZATION 35 ...how can we achieve this in

    GraphQL?

  36. GENERAL: BUILD THE CONTEXT OBJECT 36 ..build the context object

    with info from the request headers.

  37. 37 ...now we have context.user

  38. Context Object? Oh Yeah! 38 The context object is passed

    to every single resolver at every level.

  39. Resolver Level Auth. 39 1

  40. Resolver Level Auth. 40 Resolvers have the ability to check

    user roles or scopes and make authorization decisions.

  41. 41 ...Allow access for this particular user

  42. Resolver Level Auth. Repetitive? 42 ...the approach is great but

    imagine doing this check for every resolver. Ah!

  43. Resolver Level Auth. Abstract the code. 43 Write once, call

    it anywhere & everywhere.

  44. 44

  45. ▰ ▰ ▰ ▰ Apollo Server 2.0 RC

  46. More Info on Error Handling: apollographql.com/docs/apollo-server/v2/feat ures/errors.html

  47. Auth. Delegation to Models 47 2

  48. Recommendation 48 Clog your resolvers with data fetching and mutation

    logic. Move them to Models.

  49. 49

  50. Recommendation 50 Go ahead and perform the authorization inside the

    Model.

  51. 51

  52. Auth via Custom Directives 52 3

  53. Custom Directives 53 Custom directives can be used for a

    lot of things: auth, error tracking, translation, etc

  54. Custom Directives for Auth 54

  55. Custom Directives for Auth 55 apollographql.com/docs/graphql-tools/ schema-directives.html Implementation detail is

    a little bit complex, but more details can be found in the link below.

  56. Auth. outside GraphQL 56 4

  57. Auth. outside GraphQL 57 If your REST API already has

    authorization baked in, why bother implementing on the GraphQL level?

  58. 58 ...pass the request header, then….

  59. 59 …then pass the header to the model method.

  60. GraphQL for the next Billion Users 60 BuzzJS NYC 2018

  61. GraphQL for the next Billion Users 61 GraphQL on the

    Edge

  62. 62 ▰ ▰ ▰

  63. GraphQL for the next Billion Users 63 Sign up for

    Early Access: apollographql.com/edge

  64. More Information on Auth. 64 GraphQL & Apollo: apollographql.com/docs JWT

    Book: auth0.com/resources/ebooks/jwt-handbook Authentication & Authorization: auth0.com/blog

  65. 65 THANKS! Any questions? BuzzJS NYC 2018