Backend Admin API middleware to verify session token; add tenantId to context

interledger / rafiki

An open-source, comprehensive Interledger service for wallet providers, enabling them to provide Interledger functionality to their users.

https://rafiki.dev/

Apache License 2.0

259 stars 89 forks source link

Backend Admin API middleware to verify session token; add tenantId to context #2916

Closed njlie closed 1 month ago

njlie commented 2 months ago

The backend package's Apollo GraphQL server should expect a session token from Kratos in any request made to the GraphQL API, such as in the header.

Based on the identity.id for this session, and if it is an operator or not, it should return the relevant tenantId and add it to the context. Then, the GraphQL resolver should use that tenantId to filter the query/mutation results.

njlie commented 1 month ago

Added in https://github.com/interledger/rafiki/pull/2974, closing.