Project-Books / books-api

GraphQL Books API
https://project-books.github.io/#books-api
MIT License
35 stars 60 forks

Add Spring Security #69

Open knjk04 opened 3 years ago

knjk04 commented 3 years ago

Add Spring Security with roles ('user' and 'admin').

All queries should be accessible without being authenticated. Mutations should only be allowed for those with admin access.

pranatimittal commented 2 years ago

Hey, I would like to try adding user/admin roles. Can I?

knjk04 commented 2 years ago

Hi @pranatimittal, sure, I'll assign you to the issue. Thanks!

pranatimittal commented 2 years ago

@knjk04 could you help me get started? I have never worked with DGS and Spring Security and am interested to learn it.

machinalny commented 2 years ago

Hey @knjk04, how should the user be authorized? Basic Auth? Bearer token? OAuth? Maybe an API key?

knjk04 commented 2 years ago

@pranatimittal For both DGS and Spring Security, but particularly DGS, I recommend looking at the official documentation. DGS is quite new, so there may be relatively few tutorials out there. They have a page on Spring security. You can also walk through the tutorials on the site to find out how it works.

For Spring Security specifically, there are lots of good tutorials online, so you can find what works best for you.

I've noticed that security comes under the advanced section in the DGS documentation, so I've removed the 'good first issue' label.

If you don't mind, I'll unassign you from this issue as it may be trickier for a beginner (although, definitely doable) than I initially thought. I'll see if there's something else for you to pick up. It looks like @machinalny has some experience with this, so I think they'll be a better fit for this.

knjk04 commented 2 years ago

Hi @machinalny, good question! API key would be great. Are you happy for me to assign you to this?

machinalny commented 2 years ago

Hi @knjk04, thanks! You can assign it to me, ;)

knjk04 commented 2 years ago

@machinalny How are you getting on with this?

knjk04 commented 2 years ago

@machinalny Unassigning due to no response
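
One way the requirement in this issue (open queries, admin-only mutations, API key authentication) could be wired up, as an added example that is not code from the books-api project. It assumes Spring Boot 3 with Spring Security 6 and Netflix DGS; the `X-API-KEY` header, the `books.admin-api-key` property and the `deleteBook` mutation are hypothetical names.

```java
import com.netflix.graphql.dgs.*;
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.*;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
@EnableMethodSecurity(securedEnabled = true) // enforce @Secured on data fetchers
public class ApiKeySecurityConfig {
    @Bean // books.admin-api-key is a hypothetical property; load it from a secret store
    SecurityFilterChain chain(HttpSecurity http, @Value("${books.admin-api-key}") String key) throws Exception {
        return http.csrf(c -> c.disable()) // header-authenticated API, no session cookie
                .authorizeHttpRequests(a -> a.anyRequest().permitAll()) // queries stay open
                .addFilterBefore(new ApiKeyFilter(key), UsernamePasswordAuthenticationFilter.class)
                .build();
    }
}

class ApiKeyFilter extends OncePerRequestFilter {
    private final byte[] expected;
    ApiKeyFilter(String key) { this.expected = key.getBytes(StandardCharsets.UTF_8); }
    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain fc)
            throws ServletException, IOException {
        String sent = req.getHeader("X-API-KEY"); // hypothetical header name
        // MessageDigest.isEqual compares in constant time, unlike String.equals
        if (sent != null && MessageDigest.isEqual(expected, sent.getBytes(StandardCharsets.UTF_8))) {
            SecurityContextHolder.getContext().setAuthentication(new PreAuthenticatedAuthenticationToken(
                    "api-key-client", null, AuthorityUtils.createAuthorityList("ROLE_ADMIN")));
        } // a missing or wrong key leaves the caller anonymous instead of rejecting the request
        fc.doFilter(req, res);
    }
}

@DgsComponent
class BookMutations {
    @DgsMutation @Secured("ROLE_ADMIN") // anonymous callers receive an access-denied GraphQL error
    public boolean deleteBook(@InputArgument String id) { return true; } // hypothetical; real delete goes here
}
```

Because the HTTP layer permits every request, the admin check lives entirely on the mutation methods, so each new mutation needs its own `@Secured` annotation.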