Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

graphql_authentication

Package Overview
Dependencies
Maintainers
3
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

graphql_authentication

  • 1.0.0
  • Rubygems
  • Socket score

Version published
Maintainers
3
Created
Source

GraphQL Authentication

Build Status Maintainability Downloads Latest Version

This gem provides an authenticationentication mechanism on a GraphQL API. It use JSON Web Token (JWT) and Devise logic.

Installation

Add this line to your application's Gemfile:

gem 'graphql_authentication'

And then execute:

$ bundle

Or install it yourself as:

$ gem install graphql_authentication

Then run the installer to create graphql_authentication.rb file in your initializers folder.

rails g graphql_authentication:install

Make sure to read all configurations present inside the file and fill them with your own configs.

Devise gem

Use Devise with a User model and skip all route

Rails.application.routes.draw do
 devise_for :users, skip: :all
end

Usage

Make 'JWT_SECRET_KEY' and 'APP_URL' available to ENV

JWT_SECRET_KEY=
APP_URL=

Make sure the Authorization header is allowed in your api

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
    resource '*',
             headers: %w(Authorization Expires RefreshToken),
             methods: :any,
             expose: %w(Authorization Expires RefreshToken),
             max_age: 600
  end
end

Make sure to include Graphql::AuthenticationHelper in your GraphqlController. A context method returning the current_user will be available

class GraphqlController < ActionController::API

  include Graphql::AuthenticationHelper

  def execute
    variables = ensure_hash(params[:variables])
    query = params[:query]
    operation_name = params[:operationName]
    result = ::GraphqlSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
    render json: result

    ...

Make sure to implement GraphqlAuthentication in your MutationType to make authentication mutations available

class Types::MutationType < Types::BaseObject
  implements ::Types::GraphqlAuthentication
end

Customization

If you can to customize any mutation, make sure to update the configurations

GraphQL::Authentication.configure do |config|
  # config.token_lifespan = 4.hours
  # config.jwt_secret_key = ENV['JWT_SECRET_KEY']
  # config.app_url = ENV['APP_URL']

  # config.user_type = '::Types::Authentication::User'

  # Devise allowed actions
  # Don't forget to enable the lockable setting in your Devise user model if you plan on using the lock_account feature
  # config.allow_sign_up = true
  # config.allow_lock_account = false
  # config.allow_unlock_account = false

  # Allow custom mutations for signup and update account
  # config.sign_up_mutation = '::Mutations::Authentication::SignUp'
  # config.update_account_mutation = '::Mutations::Authentication::UpdateAccount'
end

Development

After checking out the repo, run bin/setup to install dependencies. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in graphql_authentication.gemspec, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/wbotelhos/graphql_authentication. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the GraphQL Authentication project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

FAQs

Package last updated on 13 Jul 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc