Best practice for AuthN and AuthZ #3320

margaretjoanmiller · 2024-10-09T08:41:15Z

margaretjoanmiller
Oct 9, 2024

I was wondering how folks are handling authentication and authorization and how each approach went. I need to restrict certain data to specific roles.

fasibio · 2024-10-09T14:03:46Z

fasibio
Oct 9, 2024

Simple use an Auth graphql directive?
There you can also check for roles.
But this is not gqlgen specific is graphql standard way

1 reply

margaretjoanmiller Oct 9, 2024
Author

Like this but implemented in go? https://github.com/graphql-community/graphql-directive-auth? I can't see from the official specs an official auth directive

fasibio · 2024-10-10T04:39:57Z

fasibio
Oct 10, 2024

Mhm more or less. But in general you have the Auth token as header by your request.
Than on server side you have to read them and interpret them.
Did you read this https://gqlgen.com/reference/directives/ ? How directives work in gerneral?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Best practice for AuthN and AuthZ #3320

{{title}}

Replies: 2 comments 1 reply

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Best practice for AuthN and AuthZ #3320

margaretjoanmiller Oct 9, 2024

Replies: 2 comments · 1 reply

fasibio Oct 9, 2024

margaretjoanmiller Oct 9, 2024 Author

fasibio Oct 10, 2024

margaretjoanmiller
Oct 9, 2024

Replies: 2 comments 1 reply

fasibio
Oct 9, 2024

margaretjoanmiller Oct 9, 2024
Author

fasibio
Oct 10, 2024