#graphql
2019-01-16
kwladyka06:01:28

Is there somebody who has only GraphQL auth?

hlship17:01:20

We do the auth in the interceptor pipeline; the auth occurs after parsing the query such that we can apply rules about which api keys can access which operations.

👍 5
orestis19:01:16

So you present a different schema according to authorization?

orestis20:01:15

We are doing authentication before Lacinia enters into play, but for authorization we deal within each resolver accordingly.

hlship05:01:59

Our auth resolves to api keys that list which operations a particular client has access to.

hlship17:01:05

If the way interceptors and routes work in lacinia-pedestal seems complicated, it's because we have that need to inject interceptors and sometimes replace the default interceptors.

orestis20:01:07

I appreciate this approach - I had to replace some interceptors and it was very straightforward.

kwladyka18:01:58

I think I want to have login (auth) separate from graphql, because for API integrations I will have generated tokens like in github. So these tokens can be used with graphql directly, while web browser will use sessions in ring. Does it make sense?

kwladyka18:01:46

So there is no way to log in and get some data in 1 graphql query. I don’t want to have such an option. For that purpose people should use generated tokens.

kwladyka18:01:47

Summing up:
for web browsers: 1) login with REST and save user id in session 2) query with graphql
for API integrations: 1) generate tokens 2) use tokens with graphql directly

kwladyka18:01:58

Do you see how it can be done better?

3Jane18:01:22

firstly you can use an api gateway to take care of auth

kwladyka18:01:37

What do you mean?

kwladyka18:01:25

what does it do, in short words?

3Jane18:01:59

does auth, rate limiting and various other conveniences

kwladyka18:01:05

hmm is it not what graphql does?

3Jane18:01:30

graphql answers data queries. This gives you a separation of concerns.

kwladyka18:01:45

I mean it is like single entry point

kwladyka18:01:34

Probably I miss something in that context. Do I?

kwladyka18:01:17

hmm on the other hand it can be done in graphql only. Login which returns a session token or something like that

kwladyka18:01:26

ehh choices…. choices..

kwladyka20:01:31

(defn start-server
  [_]
  (let [server (-> schema
                   (lp/service-map {:graphiql true})
                   http/create-server
                   http/start)]
    (browse-url "")
    server))
Do you have an example of code showing how to run this, but with ring?

kwladyka20:01:44

I can’t find it in the doc

kwladyka20:01:11

I have no idea what pedestal (lp/service-map {:graphiql true}) does

kwladyka20:01:48

Hmm maybe lacinia supports it only for pedestal

kwladyka20:01:36

yeah it looks like I have to use pedestal with lacinia

kwladyka20:01:55

if you know if it is possible with ring please let me know 🙂

orestis20:01:56

It should be possible but you have to hook various bits and pieces together yourself

orestis20:01:16

If you see the source of lacinia-pedestal it should be relatively obvious what’s going on

kwladyka20:01:17

*in simple way 😉 I don’t want to write my own 100 lines for that 😉

kwladyka20:01:33

heh seeing the source code of lacinia-pedestal my conclusion is I want to use pedestal for dev 😉

👍 5
kwladyka20:01:47

Even if I have never used it 😉

kwladyka20:01:18

But thanks, it confirms there is no ring solution

orestis20:01:44

That I know of :)

kwladyka22:01:45

https://apis.guru/graphql-voyager/ do you recommend any tool like that, but where instead of pasting the schema you fill a field with a URI?

kwladyka22:01:44

oh it already can do it. Read it from an issue.

kwladyka23:01:06

Do you set Access-Control-Allow-Origin: * for graphql HTTP headers?

kwladyka23:01:35

It sounds risky, but on the other hand how to use graphql without this