Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Authentication & Authorization in GraphQL

Otemuyiwa Prosper
June 15, 2018
Programming
5
1.9k

Authentication & Authorization in GraphQL

- GraphQL Overview
- GraphQL Tooling with Apollo
- Authentication & Authorization in GraphQL
- GraphQL for the next billion users

Otemuyiwa Prosper

June 15, 2018
Tweet

More Decks by Otemuyiwa Prosper

See All by Otemuyiwa Prosper
A.I (Artificial Intelligence) for the rest of us
unicodeveloper
2
510
The Complete Guide to building In-App Notifications in Web Apps
unicodeveloper
0
300
The Golden Ticket: Becoming a Superstar & Impactful Open Source Contributor
unicodeveloper
0
130
Optimizing Developer Workflow with Sourcegraph
unicodeveloper
0
170
Code Search with Laravel and Sourcegraph
unicodeveloper
1
280
Lightning Talk - JAMStack
unicodeveloper
0
710
Engineering Faster Web Experiences in Plain Sight
unicodeveloper
0
210
Authentication & Authorization in Next.js
unicodeveloper
3
760
webpack 4: Lighting the fire
unicodeveloper
3
530

Other Decks in Programming

See All in Programming
CSC509 Lecture 11
javiergs
PRO
0
180
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
0
120
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
520
とにかくAWS GameDay!AWSは世界の共通言語! / Anyway, AWS GameDay! AWS is the world's lingua franca!
seike460
PRO
1
900
CSC509 Lecture 12
javiergs
PRO
0
160
.NET のための通信フレームワーク MagicOnion 入門 / Introduction to MagicOnion
mayuki
1
1.8k
レガシーシステムにどう立ち向かうか 複雑さと理想と現実/vs-legacy
suzukihoge
14
2.3k
ECS Service Connectのこれまでのアップデートと今後のRoadmapを見てみる
tkikuc
2
250
What’s New in Compose Multiplatform - A Live Tour (droidcon London 2024)
zsmb
1
480
as(型アサーション)を書く前にできること
marokanatani
10
2.7k
AWS Lambdaから始まった
Serverlessの「熱」とキャリアパス / It started with AWS Lambda Serverless “fever” and career path
seike460
PRO
1
260
Jakarta EE meets AI
ivargrimstad
0
690

Featured

See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
The Invisible Side of Design
smashingmag
298
50k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Fireside Chat
paigeccino
34
3k
Scaling GitHub
holman
458
140k
Into the Great Unknown - MozCon
thekraken
32
1.5k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
What's new in Ruby 2.0
geeforr
343
31k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k

Transcript

  1. AUTHENTICATION & AUTHORIZATION in GraphQL PROSPER OTEMUYIWA | BuzzJS NYC

    2018

  2. 2 A LITTLE ABOUT ME! BuzzJS NYC 2018

  3. LAGOS, NIGERIA 3 HOME CITIZEN & RESIDENT OF

  4. PRINCIPAL JOLLOF RICE ADVOCATE 4 A NIGERIAN MOUTH-WATERING DELICACY. TRY

    IT TODAY!

  5. COMMUNITY DEVELOPER ADVOCATE 5 forloop Africa Laravel Nigeria Angular Nigeria

  6. OPEN SOURCE ENGINEER / DEVELOPER ADVOCATE 6 @unicodeveloper

  7. 7 Look at all the data! Where do I start

    from? BuzzJS NYC 2018

  8. How many clients will consume this data? 8 BuzzJS NYC

    2018

  9. 9 BuzzJS NYC 2018

  10. What’s an effective way to fetch this data? 10 REST

    BuzzJS NYC 2018

  11. 11 REST is great but... ▰ ▰ ▰ ▰ BuzzJS

    NYC 2018

  12. How do we fetch data effectively & fast? 12 Okay

    Prosper, what will save us? BuzzJS NYC 2018

  13. 13 BuzzJS NYC 2018 Source: https://goo.gl/AvC3Yg

  14. What’s GraphQL? 14 ▰ ▰ ▰ BuzzJS NYC 2018

  15. 15 BuzzJS NYC 2018 Build a Schema on the Server

  16. 16 BuzzJS NYC 2018 Construct a query on the client

    to fetch data Fetch whatever data you want at once!

  17. 17 Data sent back to the Client BuzzJS NYC 2018

  18. 18 BuzzJS NYC 2018 GraphQL Playground: Query your Schemas

  19. “ 19 19

  20. Build the Schema & GraphQL Server with Apollo Server 20

  21. Build the Schema & GraphQL Server 21 apollographql.com/docs/apollo-server/v2

  22. “ 22 22

  23. Data Fetching With Apollo Client 23 Fetch data declaratively

  24. State Management with Apollo Link State 24

  25. Manage local State 25 Request for local data with @client

    directive github.com/apollographql/apollo-link-state

  26. Use the Client to query efficiently 26 apollographql.com/docs/react

  27. “ 27 27

  28. APOLLO ENGINE - New Relic for GraphQL 28

  29. APOLLO ENGINE - QUERY & SCHEMA ANALYSIS 29

  30. 30 APOLLO ENGINE apollographql.com/engine apollographql.com/docs/engine

  31. 31

  32. Authentication & Authorization 32 BuzzJS NYC 2018

  33. AUTHENTICATION & AUTHORIZATION 33 ...DIFFERENT WAYS OF GOING ABOUT THIS!

  34. 34 Typical REST API authentication middleware

  35. AUTHENTICATION & AUTHORIZATION 35 ...how can we achieve this in

    GraphQL?

  36. GENERAL: BUILD THE CONTEXT OBJECT 36 ..build the context object

    with info from the request headers.

  37. 37 ...now we have context.user

  38. Context Object? Oh Yeah! 38 The context object is passed

    to every single resolver at every level.

  39. Resolver Level Auth. 39 1

  40. Resolver Level Auth. 40 Resolvers have the ability to check

    user roles or scopes and make authorization decisions.

  41. 41 ...Allow access for this particular user

  42. Resolver Level Auth. Repetitive? 42 ...the approach is great but

    imagine doing this check for every resolver. Ah!

  43. Resolver Level Auth. Abstract the code. 43 Write once, call

    it anywhere & everywhere.

  44. 44

  45. ▰ ▰ ▰ ▰ Apollo Server 2.0 RC

  46. More Info on Error Handling: apollographql.com/docs/apollo-server/v2/feat ures/errors.html

  47. Auth. Delegation to Models 47 2

  48. Recommendation 48 Clog your resolvers with data fetching and mutation

    logic. Move them to Models.

  49. 49

  50. Recommendation 50 Go ahead and perform the authorization inside the

    Model.

  51. 51

  52. Auth via Custom Directives 52 3

  53. Custom Directives 53 Custom directives can be used for a

    lot of things: auth, error tracking, translation, etc

  54. Custom Directives for Auth 54

  55. Custom Directives for Auth 55 apollographql.com/docs/graphql-tools/ schema-directives.html Implementation detail is

    a little bit complex, but more details can be found in the link below.

  56. Auth. outside GraphQL 56 4

  57. Auth. outside GraphQL 57 If your REST API already has

    authorization baked in, why bother implementing on the GraphQL level?

  58. 58 ...pass the request header, then….

  59. 59 …then pass the header to the model method.

  60. GraphQL for the next Billion Users 60 BuzzJS NYC 2018

  61. GraphQL for the next Billion Users 61 GraphQL on the

    Edge

  62. 62 ▰ ▰ ▰

  63. GraphQL for the next Billion Users 63 Sign up for

    Early Access: apollographql.com/edge

  64. More Information on Auth. 64 GraphQL & Apollo: apollographql.com/docs JWT

    Book: auth0.com/resources/ebooks/jwt-handbook Authentication & Authorization: auth0.com/blog

  65. 65 THANKS! Any questions? BuzzJS NYC 2018