Authenticating User at API Gateway and then redirecting them to microservices about graphql-weaver HOT 7 OPEN

To write custom authentication logic, you need to do two things:

• Make sure that you have access to the request data in the GraphQL context object. For example, if you're using express-graphql, the express request will be passed as context, so you're all set.
• Implement a custom custom GraphQLClient client, e.g. by extending HttpGraphQLClient. For example, you could override getHeaders, look into the request (passed as context), do the token decoding and set appropiate headers for the proxied request.

Then, you can use a config like this:

const schema = weaveSchemas({
    endpoints: [, {
        namespace: 'M1',
        url: 'http://m1/...'
    }, {
        namespace: 'M2',
        client: new CustomHttpGraphQLClient('http://m2/...')
    }, /* ... */
    ]
});

I hope this helps

from graphql-weaver.

@Yogu Few doubts:

• What is the `CustomHttpGraphQLClient?
• Where would I write the code for decoding the JWT token?
• Do I have to pass the client property for microservices M3 and M4 also?

from graphql-weaver.

CustomGraphQLClient would be your subclass of HttpGraphQLClient, something like this:

class CustomGraphQLClient extends HttpGraphQLClient {
    protected async getHeaders(document: DocumentNode, variables?: { [name: string]: any }, context?: any, introspect?: boolean): Promise<{ [index: string]: string }> {
        const request = context as Request;
        // implement your logic here for decoding the token based on the express request
        const regularHeaders = super.getHeaders(document, variables, context, introspect);

        return {
            ...regularHeaders,
            // add your headers here
        };
    }
}

Do I have to pass the client property for microservices M3 and M4 also?

I understood that M2, M3 and M4 are basically the same, so yes you would need to add endpoints with the custom client for all three of them.

from graphql-weaver.

@Yogu I understand that above mentioned solution will add a header (in which token data will be available for other to use) to the original request but I still don't understand how it will stop the request at the API Gateway if no JWT Token is found int the request header?

from graphql-weaver.

from graphql-weaver.

@Yogu Hey what if I am not using Typescript?

class CustomGraphQLClient extends HttpGraphQLClient {
    protected async getHeaders(document: DocumentNode, variables?: { [name: string]: any }, context?: any, introspect?: boolean): Promise<{ [index: string]: string }> {
        const request = context as Request;
        // implement your logic here for decoding the token based on the express request
        const regularHeaders = super.getHeaders(document, variables, context, introspect);

        return {
            ...regularHeaders,
            // add your headers here
        };
    }
}

Then how can I implement this custom class?

from graphql-weaver.

Ah, just remove some parts:

class CustomGraphQLClient extends HttpGraphQLClient {
    async getHeaders(document, variables) {
        const request = context;
        // implement your logic here for decoding the token based on the express request
        const regularHeaders = super.getHeaders(document, variables, context, introspect);

        return {
            ...regularHeaders,
            // add your headers here
        };
    }
}

If you need to target an older version of JavaScript, just use a transpiler of your choice.

from graphql-weaver.