#graphql
2017-07-03
hmaurer 16:07:45

@hlship As a follow up to my PM’ed question, would you be willing to share some details as to how you deal with authentication/authorisation in the context of a GraphQL API at Walmart?

hlship 16:07:19

There isn't a lot to share; we have a minimal amount of authentication via an API key; this occurs in the Pedestal interceptor chain. We have a couple of places where we want to enforce some per-field authorization, and we have some simple macros to accomplish that inside the field resolver functions.

hlship 16:07:35

It's pretty minimal.

hlship 16:07:39

At some point in the future, when we figure out a reasonable way of allowing a schema to define custom directives, that would be a good approach.

hmaurer 16:07:09

@hlship Yes, that would be neat. In the meantime a simple approach will do though; thank you