Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

graphql-auth

Package Overview
Dependencies
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

graphql-auth

GraphQL authentication and authorization middleware

  • 0.1.2
  • npm
  • Socket score

Version published
Weekly downloads
155
increased by47.62%
Maintainers
1
Weekly downloads
 
Created
Source

GraphQL Auth

Travis Build Status

🔒 Authentication and authorization middleware for GraphQL.

graphql-auth is a very simple middleware that easily integrates with any GraphQL server that follows the GraphQL API for resolvers.

Getting Started

How It Works

graphql-auth exports a single function (middleware) withAuth. This function takes two parameters, the first is scope (if any) for authorization, and the second is the callback to call when auth checking is complete. Let's look at an example:

import withAuth from 'graphql-auth';

const resolvers = {
  Query: {
    users: withAuth(['users:view'], (root, args, context) => { ... }),
    ...
  }
}

The way this works is withAuth looks for a special auth property on the context of the resolver. It expects the auth property to have two properties of its own:

  1. isAuthenticated to tell if the user is logged in
  2. scope scope of the logged in user (optional)

This allows you to use any form of authentication already supported by common frameworks like express and hapi. Here is an example in Hapi.js:

import { graphqlHapi } from 'graphql-server-hapi';
import { makeExecutableSchema } from 'graphql-tools';

import typeDefs from './type-defs';
import resolvers from './resolvers';

const register = function(server, options, next) {
  const executableSchema = makeExecutableSchema({
    resolvers,
    typeDefs,
  });

  server.register(
    [
      {
        register: graphqlHapi,
        options: {
          path: '/graphql',
          graphqlOptions: request => ({
            pretty: true,
            schema: executableSchema,
            context: {
              auth: {
                isAuthenticated: request.auth.isAuthenticated,
                scope: request.auth.credentials
                  ? request.auth.credentials.scope
                  : null,
              },
            },
          }),
        },
      },
    ],
    error => {
      if (error) return next(error);
      next();
    },
  );
};

register.attributes = {
  name: 'graphql-api',
  version: '1.0.0',
};

export default register;

For more in depth examples take a look at the graphql-auth-examples repo.

Installation

yarn add graphql-auth

withAuth([scope,] callback)

Without scope:

import withAuth from 'graphql-auth';

const resolvers = {
  Query: {
    users: withAuth((root, args, context) => { ... }),
    ...
  }
}

With scope:

import withAuth from 'graphql-auth';

const resolvers = {
  Query: {
    users: withAuth(['users:view'], (root, args, context) => { ... }),
    ...
  }
}

With dynamic scope:

import withAuth from 'graphql-auth';

const resolvers = {
  Query: {
    users: withAuth(
      (root, args, context) => { /* return scope based on resolver args */ },
      (root, args, context) => { ... }),
    ...
  }
}

Contributors

Thanks goes to these wonderful people (emoji key):


artgibson

💻

HaNdTriX

💻 📖

This project follows the all-contributors specification. Contributions of any kind welcome!

Keywords

FAQs

Package last updated on 02 Oct 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc