fine-grained authorization with JWT token #27

Open
stevehu opened this issue Jan 4, 2018 · 3 comments

stevehu commented Jan 4, 2018

Unlike RESTful API, we have scope for each endpoint so that the authorization can be down to the endpoint. For GraphQL, there is only one endpoint with only two or three different types of requests. Need to find a way to protect individual queries or mutations.


maarek commented Apr 5, 2018

Can you expose the request to the execution context so that DataFetchers gain access to the JWT token during a request and authorization is deferred to the business layer?

http://graphql-java.readthedocs.io/en/latest/concerns.html#context-objects


stevehu commented Apr 5, 2018

Yes. That is a very good idea. In the light-rest-4j we pass the payload of JWT in an exchange attachment for fine-grained authorization in the business context. Let me explore it a little bit and propose something for further discussion. Thanks.


maarek commented Apr 5, 2018

I didn't realize that we already did this. I missed it when I commented last night. Thanks!
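
The approach discussed in this thread, as an added example that is not part of the issue or the project's code: the verified JWT payload is placed in the graphql-java execution context, and each query or mutation fetcher checks its own scope. It assumes the `context(Object)` / `getContext()` API from the linked graphql-java documentation (newer releases use `GraphQLContext` instead) and a `scope` claim holding a list of strings; the schema, the scope names and the `requireScope` helper are hypothetical.

```java
import graphql.ExecutionInput;
import graphql.ExecutionResult;
import graphql.GraphQL;
import graphql.schema.DataFetcher;
import graphql.schema.GraphQLSchema;
import graphql.schema.idl.RuntimeWiring;
import graphql.schema.idl.SchemaGenerator;
import graphql.schema.idl.SchemaParser;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;

public class ScopedFetcherExample {
    // Hypothetical helper: run the delegate only if the JWT claims in the context carry the scope.
    static <T> DataFetcher<T> requireScope(String scope, DataFetcher<T> delegate) {
        return env -> {
            Map<String, Object> claims = env.getContext(); // set per request in main()
            Object granted = claims == null ? null : claims.get("scope");
            // Fail closed: no context, no scope claim or wrong claim type all deny.
            if (!(granted instanceof List) || !((List<?>) granted).contains(scope)) {
                throw new SecurityException("missing scope: " + scope);
            }
            return delegate.get(env);
        };
    }

    public static void main(String[] args) {
        // Constructed schema and scope names (pet.r, pet.w) for illustration.
        String sdl = "type Query { petCount: Int } type Mutation { deletePet(id: ID!): Boolean }";
        RuntimeWiring wiring = RuntimeWiring.newRuntimeWiring()
            .type("Query", t -> t.dataFetcher("petCount", requireScope("pet.r", env -> 3)))
            .type("Mutation", t -> t.dataFetcher("deletePet", requireScope("pet.w", env -> true)))
            .build();
        GraphQLSchema schema =
            new SchemaGenerator().makeExecutableSchema(new SchemaParser().parse(sdl), wiring);
        GraphQL graphQL = GraphQL.newGraphQL(schema).build();

        // Constructed claims: assumed to be the payload of a JWT whose signature and
        // expiry were already verified by the framework before the GraphQL handler runs.
        Map<String, Object> claims = Collections.singletonMap("scope", Arrays.asList("pet.r"));
        for (String q : new String[] {"{ petCount }", "mutation { deletePet(id: \"1\") }"}) {
            ExecutionResult r = graphQL.execute(
                ExecutionInput.newExecutionInput().query(q).context(claims).build());
            System.out.println(q + " -> data=" + r.getData() + " errors=" + r.getErrors().size());
        }
    }
}
```

With the read-only claims above, the query resolves and the mutation comes back with an error entry instead of executing, so the single GraphQL endpoint is still authorized per operation.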
