@hlship As a follow-up to my PM’ed question, would you be willing to share some details as to how you deal with authentication/authorisation in the context of a GraphQL API at Walmart?


There isn't a lot to share, we have a minimal amount of authentication via an API key; this occurs in the Pedestal interceptor chain. We have a couple of places where we want to enforce some per-field authorization, and we have some simple macros to accomplish that inside the field resolver functions.


It's pretty minimal.


At some point in the future, when we figure out a reasonable way of allowing a schema to define custom directives, that would be a good approach.


@hlship Yes, that would be neat. In the meantime a simple approach will do though; thank you