Callbacks before / after field resolution to override default implementation

[yanns]

Is your feature request related to a problem? Please describe. It's complicated in plugins to override the default implementation of the resolution of each field.

Example 1: checking permissions

Let's consider the supergraph SDL:

type Query {
  products: [Product!]! @scope(name: "view_products")
  orders: [Order!]! @scope(name: "view_orders")
}

A OAuth plugin could:

• (1) asynchronously call some authorization services to check if the OAuth token is valid, and which scopes it contain, and puts the scopes into the context (a bit like https://github.com/apollographql/router/blob/dev/examples/async-auth/rust/src/allow_client_id_from_file.rs)
• (2) for each field, check if the value found in the @scope directive matches the scopes from the OAuth token. If not, disallow the resolution of this field (and add an error). Example in sangria

Example 2: feature toggles

Let's consider the supergraph SDL:

type Query {
    reviews: [Review!]!
    users: [User!]! @feature(name: "review-user")
}
type User @feature(name: "review-user") {
    name: String!
}

The field users (and the type User) is only enabled for customers that have access to the feature tag review-user.

A feature toggle plugin could:

• (1) check which feature tags a request can use, and put them into the context
• (2) implement such callbacks:
  • before each field, check if the field can be accessed or not.
  • before each field, if the query is like __type(name: "User"), override the resolution to return None if the query should not access the User type.
  • after each field, if it was an introspection result (like { __schema { queryType { name, fields { name } } } }), remove all types that should not be seen

We have implemented such a middleware in Scala with sangria, and it's working great for us.

Describe the solution you'd like

• Having middleware that can add callbacks before and after each field resolution. Middlewares could then run some logic before or after a field is resolved to override the default implementation, to add errors, or to manipulate the result.
• Plugins can register middlewares.

Additional context

• Documentation about sangria middleware

[smyrick]

This is now supported in the Router with the new directives

https://www.apollographql.com/docs/router/configuration/authorization

type Query {
  product: Product @authenticated
}

type Product @key(fields: "id") {
  id: ID! @policy(policy: [["feature-a"]])
  inStock: Boolean! @requiresScopes(scopes: [["read:product"]])
}