Closed seanabrahams closed 8 years ago
Merging #24 has changed the landscape quite a bit. Suspect that the issue might already be solved, can you please confirm? Thanks.
@seanabrahams Let's chat about this. Allowing external code access to the opts
seems scary. The way that root_value
works it is possible to have a callback function to load the data. This function should work with the authentication/authorization stack to populate information into root_value
.
@joshprice, @aweiker clued me in on how this should be done properly :+1: . I've updated the wiki page I created (https://github.com/graphql-elixir/graphql-elixir/wiki/How-to-do-authentication-and-authorization-in-a-Phoenix-application-with-GraphQL) and am closing this PR.
One example of what this allows us to do is set the logged in user in :root_value and have it available in resolve functions so we can do authorization.
See https://github.com/graphql-elixir/graphql-elixir/wiki/How-to-do-authentication-and-authorization-in-a-Phoenix-application-with-GraphQL for example.