
Secure GraphQL queries with express js, passport s

I have started using GraphQL in my Express.js project, but I am wondering how to protect some of my GraphQL queries. Previously I used Passport.js (JWT) for this, and that works great. It was really easy to secure a route, but with GraphQL (express-graphql) I couldn't find any solution. Furthermore, it would be nice to have some kind of role-based solution to protect particular fields. Is there any good tutorial on how to secure GraphQL?

Dawid Skrzypczyński asked Dec 14 '22 00:12


1 Answer

Last I checked, there weren't any really good tutorials out there that show how to secure a GraphQL endpoint. However, the consensus in the community (GraphQL and Apollo Slack channels) is that it's best to do authentication separately from GraphQL (e.g. using Passport) and do authorization in your resolve functions, possibly by decorating them with some role-based auth.

The best link I can provide at the moment is this post I wrote a while ago about setting up Authentication for a GraphQL endpoint with Passport.js. I hope it helps!

I'm currently working on a Full-stack GraphQL tutorial for React + Node.js with Apollo for which I'm planning to do a part about Auth. I'll try to update this answer as soon as I've published it.

helfer answered Dec 27 '22 13:12
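The pattern described in the answer (authenticate outside GraphQL, authorize inside resolve functions through a role-based wrapper), as an added example that is not part of the original answer or of any library. The names `requireRole`, `maskUnlessRole`, `AuthorizationError` and the `user.roles` array are hypothetical; it assumes the authentication middleware has already placed the verified user on the resolver context as `context.user`.

```javascript
// Added example; assumes Passport (or similar) already set context.user.
class AuthorizationError extends Error {
  constructor(message, code) {
    super(message);
    this.name = 'AuthorizationError';
    this.code = code;
  }
}

// Wrap a resolver so it runs only for a user holding one of allowedRoles.
// Fails closed: no user, or a user without a roles array, is rejected.
function requireRole(allowedRoles, resolve) {
  const allowed = new Set(allowedRoles);
  return function guardedResolver(source, args, context, info) {
    const user = context && context.user;
    if (!user) throw new AuthorizationError('Not authenticated', 'UNAUTHENTICATED');
    const roles = Array.isArray(user.roles) ? user.roles : [];
    if (!roles.some((role) => allowed.has(role))) {
      throw new AuthorizationError('Not authorized', 'FORBIDDEN');
    }
    return resolve(source, args, context, info);
  };
}

// Field-level variant: hide one field (resolve to null) instead of failing
// the whole query. The schema field must be nullable for this to work.
function maskUnlessRole(allowedRoles, resolve) {
  const guarded = requireRole(allowedRoles, resolve);
  return (source, args, context, info) => {
    try {
      return guarded(source, args, context, info);
    } catch (err) {
      if (err instanceof AuthorizationError) return null;
      throw err;
    }
  };
}

// Constructed sample data and resolver map.
const users = [{ id: 1, name: 'alice', email: 'alice@example.test' }];
const resolvers = {
  Query: {
    users: requireRole(['admin', 'support'], () => users),
  },
  User: {
    name: (user) => user.name,
    email: maskUnlessRole(['admin'], (user) => user.email),
  },
};
```

Because the check lives in the resolver, it applies however the field is reached, including through nested queries that never pass a route-level guard.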