Skip to content

kaiba42/graphql-auth-directives

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
.circleci
.circleci
 
 
examples
examples
 
 
scripts
scripts
 
 
src
src
 
 
test
test
 
 
.babelrc
.babelrc
 
 
.env
.env
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

graphql-auth-directives

CircleCI

Add authentication to your GraphQL API with schema directives.

Schema directives for authorization

  • @isAuthenticated
  • @hasRole
  • @hasScope

Quick start

npm install --save graphql-auth-directives

Then import the schema directives you'd like to use and attach them during your GraphQL schema construction. For example using neo4j-graphql.js' makeAugmentedSchema:

import { IsAuthenticatedDirective, HasRoleDirective, HasScopeDirective } from "graphql-auth-directives";

const augmentedSchema = makeAugmentedSchema({
  typeDefs,
  schemaDirectives: {
    isAuthenticated: IsAuthenticatedDirective,
    hasRole: HasRoleDirective,
    hasScope: HasScopeDirective
  }
});

The @hasRole, @hasScope, and @isAuthenticated directives will now be available for use in your GraphQL schema:

type Query {
    userById(userId: ID!): User @hasScope(scopes: ["User:Read"])
    itemById(itemId: ID!): Item @hasScope(scopes: ["Item:Read"])
}

Be sure to inject the request headers into the GraphQL resolver context. For example, with Apollo Server:

const server = new ApolloServer({
  schema,
  context: ({ req }) => {
    return req;
  }
});

A JWT must then be included in each GraphQL request in the Authorization header. For example, with Apollo Client:

import { createHttpLink } from 'apollo-link-http';
import { setContext } from 'apollo-link-context';
import { InMemoryCache } from 'apollo-cache-inmemory';
import { ApolloClient } from 'apollo-client';


const httpLink = createHttpLink({
    uri: <YOUR_GRAPHQL_API_URI>
});

const authLink = setContext((_, { headers }) => {
    const token = localStorage.getItem('id_token'); // here we are storing the JWT in localStorage
    return {
        headers: {
            ...headers,
            authorization: token ? `Bearer ${token}` : "",
        }
    }
});

const client = new ApolloClient({
    link: authLink.concat(httpLink),
    cache: new InMemoryCache()
});

Configure

Configuration is done via environment variables.

(required) You must set the JWT_SECRET environment variable:

export JWT_SECRET=><YOUR_JWT_SECRET_KEY_HERE>

(optional) By default @hasRole will validate the roles, role, Roles, or Role claim (whichever is found first). You can override this by setting AUTH_DIRECTIVES_ROLE_KEY environment variable. For example, if your role claim is stored in the JWT like this

"https://grandstack.io/roles": [
    "admin"
]

Set:

export AUTH_DIRECTIVES_ROLE_KEY=https://grandstack.io/roles

Test JWTs

Scopes: user:CRUD

key: qwertyuiopasdfghjklzxcvbnm123456

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJHUkFORHN0YWNrIiwiaWF0IjoxNTQ5MTQ1Mjk0LCJleHAiOjE1ODA2ODEzMDcsImF1ZCI6ImdyYW5kc3RhY2suaW8iLCJzdWIiOiJib2JAbG9ibGF3LmNvbSIsIlJvbGUiOiJBRE1JTiIsIlNjb3BlIjpbIlVzZXI6UmVhZCIsIlVzZXI6Q3JlYXRlIiwiVXNlcjpVcGRhdGUiLCJVc2VyOkRlbGV0ZSJdfQ.nKADki8iKTpKqq3CVdrGAUrSzSBmFolWzYOsA_ULSdo

About

Add authorization to your GraphQL API using schema directives.

www.npmjs.com/package/graphql-auth-directives

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 97.1%
  • Shell 2.9%