Resolver Authorization
- Resolver authorization is also a form of access control. It involves granting access to the individual resolver functions that make up the GraphQL API.
- It gives developers the power to implement access control inside the API based on the action the user is carrying out.
Implementation:
Now, let's take a GraphQL resolver function in JavaScript with Apollo Server as an instance of resolver authorization. Here is an example of how resolver authorization can be implemented using an Apollo Server plugin.
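```javascript
const { ApolloServer } = require('apollo-server');

// typeDefs, resolvers and getUser(req) are defined elsewhere in the application.
// The plugin hooks below follow the Apollo Server 3 plugin API.
const server = new ApolloServer({
  typeDefs,
  resolvers,
  // Build the per-request context; Apollo passes an object that contains the HTTP request.
  context: ({ req }) => {
    const user = getUser(req);
    return { user };
  },
  plugins: [
    {
      async requestDidStart() {
        return {
          async executionDidStart() {
            return {
              // Called before each field is resolved
              willResolveField({ source, args, context, info }) {
                // Make sure the field being resolved is authorized for this user.
                // Optional chaining also covers requests with no authenticated user.
                if (context.user?.isAdmin !== true && info.fieldName === 'adminData') {
                  throw new Error('Unauthorized access');
                }
              },
            };
          },
        };
      },
    },
  ],
});
```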
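A complementary approach, as an added example that is not code from the original article: wrap each resolver function with its own rule, keyed by `Type.field` rather than by field name alone, and fail closed when a resolver has no rule. The helper names (`guard`, `protectResolvers`, the rule functions) and the sample resolvers are assumptions made for illustration; the block runs in plain Node.js without Apollo Server.

```javascript
// Authorization rules: each receives the request context and returns true or false.
const allow = () => true;                                // public field
const isAuthenticated = (ctx) => Boolean(ctx.user);
const isAdmin = (ctx) => ctx.user?.isAdmin === true;

// Wrap one resolver so its rule runs before the resolver body.
function guard(rule, resolve, label) {
  return async (parent, args, context, info) => {
    if (!(await rule(context, args, parent))) {
      throw new Error(`Unauthorized access to ${label}`);
    }
    return resolve(parent, args, context, info);
  };
}

// Wrap every resolver in the map; refuse to build the map if any resolver
// lacks a rule, so a newly added field is never exposed by accident.
function protectResolvers(resolvers, policy) {
  const wrapped = {};
  for (const [typeName, fields] of Object.entries(resolvers)) {
    wrapped[typeName] = {};
    for (const [fieldName, resolve] of Object.entries(fields)) {
      const label = `${typeName}.${fieldName}`;
      const rule = policy[label];
      if (typeof rule !== 'function') {
        throw new Error(`No authorization rule for ${label}`);
      }
      wrapped[typeName][fieldName] = guard(rule, resolve, label);
    }
  }
  return wrapped;
}

// Constructed sample resolvers and policy (hypothetical schema).
const resolvers = {
  Query: {
    adminData: () => 'secret report',
    me: (_parent, _args, ctx) => ctx.user.name,
    status: () => 'ok',
  },
};
const policy = {
  'Query.adminData': isAdmin,
  'Query.me': isAuthenticated,
  'Query.status': allow,
};
const protectedResolvers = protectResolvers(resolvers, policy);
```

The resulting `protectedResolvers` map can be passed as the `resolvers` option in place of the unwrapped map.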
Authorization in GraphQL
Security is a primary consideration when building a GraphQL API. Authorization is the security measure that controls access to the resources and functionality an API exposes.
In this article, we will learn about type and field authorization in GraphQL, including resolver authorization, field authorization, and the case of deploying the two approaches.