HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | - - PowerPoint PPT Presentation

how to auth
SMART_READER_LITE
LIVE PREVIEW

HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | - - PowerPoint PPT Presentation

Mar 02, 2023 107 likes •350 views

HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | GRAPHQL SUMMIT 2020 AGENDA Authentication Authorization Federation GRAPHQL SUMMIT 2020 AUTH AUTHENTICATION AUTHORIZATION YOU ARE WHO YOU SAY YOU ARE YOU CAN DO WHAT YOU WANT

slide-1
SLIDE 1

HOW TO AUTH:

SECURE A GRAPHQL API WITH CONFIDENCE

MANDI WISE | GRAPHQL SUMMIT 2020

slide-2
SLIDE 2 GRAPHQL SUMMIT 2020

Authentication Authorization Federation

AGENDA

slide-3
SLIDE 3

AUTH

AUTHORIZATION

YOU CAN DO WHAT YOU WANT TO DO YOU ARE WHO YOU SAY YOU ARE

AUTHENTICATION

slide-4
SLIDE 4
slide-5
SLIDE 5

AUTHENTICATION:

YOU ARE WHO YOU SAY YOU ARE

slide-6
SLIDE 6 GRAPHQL SUMMIT 2020

STARTING POINT

We don’t want to lockdown our entire GraphQL endpoint We’re going to use JSON Web Tokens for auth We’ll use Express with Apollo Server

slide-7
SLIDE 7

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ey JodHRwczovL3NwYWNlYXBpLmNvbS9ncmFwaHFsI jp7InJvbGVzIjpbImFzdHJvbmF1dCJdLCJwZXJt aXNzaW9ucyI6WyJyZWFkOm93bl91c2VyIl19LCJ pYXQiOjE1OTQyNTI2NjMsImV4cCI6MTU5NDMzOT A2Mywic3ViIjoiNjc4OTAifQ.Z1JPE53ca1Jaxw DTlnofa3hwpS0PGdRLUMIrC7M3FCI

slide-8
SLIDE 8

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ey JodHRwczovL3NwYWNlYXBpLmNvbS9ncmFwaHFsI jp7InJvbGVzIjpbImFzdHJvbmF1dCJdLCJwZXJt aXNzaW9ucyI6WyJyZWFkOm93bl91c2VyIl19LCJ pYXQiOjE1OTQyNTI2NjMsImV4cCI6MTU5NDMzOT A2Mywic3ViIjoiNjc4OTAifQ.Z1JPE53ca1Jaxw DTlnofa3hwpS0PGdRLUMIrC7M3FCI

slide-9
SLIDE 9
slide-10
SLIDE 10

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ey JodHRwczovL3NwYWNlYXBpLmNvbS9ncmFwaHFsI jp7InJvbGVzIjpbImFzdHJvbmF1dCJdLCJwZXJt aXNzaW9ucyI6WyJyZWFkOm93bl91c2VyIl19LCJ pYXQiOjE1OTQyNTI2NjMsImV4cCI6MTU5NDMzOT A2Mywic3ViIjoiNjc4OTAifQ.Z1JPE53ca1Jaxw DTlnofa3hwpS0PGdRLUMIrC7M3FCI

slide-11
SLIDE 11
slide-12
SLIDE 12

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ey JodHRwczovL3NwYWNlYXBpLmNvbS9ncmFwaHFsI jp7InJvbGVzIjpbImFzdHJvbmF1dCJdLCJwZXJt aXNzaW9ucyI6WyJyZWFkOm93bl91c2VyIl19LCJ pYXQiOjE1OTQyNTI2NjMsImV4cCI6MTU5NDMzOT A2Mywic3ViIjoiNjc4OTAifQ.Z1JPE53ca1Jaxw DTlnofa3hwpS0PGdRLUMIrC7M3FCI

slide-13
SLIDE 13
slide-14
SLIDE 14

DEMO TIME…

slide-15
SLIDE 15

AUTHORIZATION:

YOU CAN DO WHAT YOU WANT TO DO

slide-16
SLIDE 16 GRAPHQL SUMMIT 2020

A FEW OPTIONS

Handle auth logic directly in each resolver function

slide-17
SLIDE 17 GRAPHQL SUMMIT 2020

A FEW OPTIONS

Handle auth logic directly in each resolver function Create custom directives (e.g. @auth(requires: DIRECTOR)) Wrap resolver functions (e.g. GraphQL Auth) Abstract auth rules into middleware (e.g. GraphQL Shield)

slide-18
SLIDE 18

NOW DO FEDERATION

slide-19
SLIDE 19
slide-20
SLIDE 20
slide-21
SLIDE 21

SUMMING UP

Handle incoming tokens in the context A viewer query can be an entry point for authenticated users Keep explicit authorization checks out of resolver functions Forward header from gateway API using buildService

GRAPHQL SUMMIT 2020
slide-22
SLIDE 22 GRAPHQL SUMMIT 2020

SHOW ME THE CODE!

https://github.com/mandiwise/basic-apollo-auth-demo https://github.com/mandiwise/apollo-federation-auth-demo https://github.com/mandiwise/graphql-magic-auth-demo

slide-23
SLIDE 23

THANKS!

TWITTER & GITHUB: @MANDIWISE