3 ways for authorization with GraphQL and Apollo

Oct 14, 2019

Authentication and Authorization with GraphQL can be a confusing topic. There is not a lot of best practices and little content on this topic. This article aims at comparing three different ways of implementing authorization (meaning how to decide which user is allowed to see what). We will have a…

Authorization with GraphQL and custom directives

Sep 25, 2019

Authorization is a crucial part of most applications. Still, access-control is not part of the GraphQL spec. This leaves developers with different options. Since authorization touches a lot of different areas of your typical app selecting one of these options can be a tough choice to make. In this…

Authentication with GraphQL and Passport.js: The frontend

Aug 11, 2019

In the previous articles of this series we implemented a GraphQL API that allows users to sign up and log in with their email and password as well as their Facebook account. We focused on the API and executed the mutations and queries via the Apollo-server playground. In this article, we will write…

Authentication and Authorization with GraphQL and Passport

May 29, 2019

Authentication and authorization can be a challenging topic. Especially with GraphQL as a pretty young technology, there seems to be a lot of uncertainty and confusion. Should you use a library like Passport.js which is established? But how would you integrate that with GraphQL? Should you rather…

Password-based authentication with GraphQL and Passport

May 29, 2019

The standard approach when using Passport.js is to have separate endpoints on your server for signup and login. The front-end sends data from the corresponding forms to these dedicated endpoints. After successful authentication, the user is redirected to some URL. With GraphQL you would also need to…

How to authenticate using GraphQL and JWT

Jan 28, 2019

How can I set a JWT token to a cookie using GraphQL? Do I need to put the authentication logic into every resolver? Maybe you are wondering how to authenticate your users when you build a GraphQL backend using JSON web token (JWT). If so your answer may be: Use a session middleware in combination…