In my last post, I tried to share a way to implement resolver-specific authorization. I'm using it in production, and after making some changes to the approach (instead of using a global dictionary, I'm injecting a “User” object into every request context), it has been working well without giving any issues. But I find this approach not so generalized and hence not optimal. As I was new to GraphQL then, I'm fine with that novice approach, but as I read more about the GraphQL spec and its different parts, I learned about schema directives. With some more reading about using schema directives with Ariadne, it was evident that's the way to do it, hence this article.

I’ll be using this repository as a base. If you look into schemas/Query.graphql you will find the following.

    directive @is_authenticated on FIELD_DEFINITION

    directive @has_permission(
      resource: String
      permission: String
    ) on FIELD_DEFINITION

    type Query {
      """
      Get all users
      """
      users(offset: Int = 0, limit: Int = 10): UsersInResp!
        @has_permission(resource: "ps_users", permission: "read")

      """

Schema-Directives, the Right Way of Doing GraphQL Authorizations