Open chainlink opened 3 years ago
Ekliptor
commented
3 years ago I am also interested in this question. Especially since it would also make it easier to manage different GraphQL queries which require different user permissions.
Any examples on how to to this?
philipjscott
commented
3 years ago Isn't doing auth through the GraphQL layer impossible in certain cases? (e.g. cookie-based authentication)
https://github.com/99designs/gqlgen/blob/master/docs/content/recipes/authentication.md
Because GraphQL is transport agnostic we can't assume there will even be an HTTP request, so we need to expose these authentication details to our graph using a middleware.
chainlink
commented
3 years ago I'm happy if it's not built into gqlgen, but would be nice to have a path for it for folks that would like it.
philipjscott
commented
3 years ago I suppose, but the question is whether it's even possible for some users. Suppose you're sending an authorization token through a cookie, how will you be able to access it in the root resolver? Since GraphQL is supposed to support both websocket and "normal" HTTP requests, it'll definitely complicate the resolver API to add this functionality.
Of course, there are definitely pros; I wonder what the maintainers think.
Hi there, Is is possible to pass authentication via
&graph.Resolver{}instead of through context? Having Auth in middleware/context tightly couples it to the implementation (and requires all tests, etc to be blessed with the right context) As well, it would be nice to be able to use the graphql error presenter for eveything including auth, instead of bailing out early in middlewareTo do this, I think I need to generate the schema per request, but I'm not sure of the performance penalty here