@dsek/graphql-auth-directives-unsigned

2.1.0 • Public • Published

graphql-auth-directives-unsigned

This is a fork of graphql-auth-directives which does not parse of verify any JWTs. Everything is plain text objects. The authenticity of the claims should be verified before reaching this library! If you don't have a specific need of separating the verification of authenticity from the authorization check, you should use graphql-auth-directives instead!

Add authentication to your GraphQL API with schema directives.

Schema directives for authorization

  • [ ] @isAuthenticated
  • [ ] @hasRole
  • [ ] @hasScope

Quick start

npm install --save graphql-auth-directives-unsigned

Then import the schema directives you'd like to use and attach them during your GraphQL schema construction. For example using neo4j-graphql.js' makeAugmentedSchema:

import { IsAuthenticatedDirective, HasRoleDirective, HasScopeDirective } from "graphql-auth-directives";

const augmentedSchema = makeAugmentedSchema({
  typeDefs,
  schemaDirectives: {
    isAuthenticated: IsAuthenticatedDirective,
    hasRole: HasRoleDirective,
    hasScope: HasScopeDirective
  }
});

The @hasRole, @hasScope, and @isAuthenticated directives will now be available for use in your GraphQL schema:

type Query {
    userById(userId: ID!): User @hasScope(scopes: ["User:Read"])
    itemById(itemId: ID!): Item @hasScope(scopes: ["Item:Read"])
}

Be sure to inject the relevant variables into the GraphQL resolver context. For example, with Apollo Server:

const server = new ApolloServer({
  schema,
  context: ({ req }) => {
    const user = req.headers.user && JSON.parse(req.headers.user);
    return { user };
  }
});

Dependents (0)

Package Sidebar

Install

npm i @dsek/graphql-auth-directives-unsigned

Weekly Downloads

12

Version

2.1.0

License

Apache-2.0

Unpacked Size

15.8 kB

Total Files

6

Last publish

Collaborators

  • hnrklssn