This repo demonstrates some ways you might build authentication and authorization logic into your GraphQL API. GraphQL itself does not prescribe any particular way to do auth and those details are left up to the developer.
The approaches here may or may not be suitable for your own implementation.
This GraphQL server uses JSON Web Tokens (JWT) for authorization. You will need some tokens to begin with to test the API. Here are a few you can use:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJncmFwaHFsLXRlc3Qtc2VydmVyIiwiaWF0IjoxNTA5MDQxMTE3LCJleHAiOjE1NDA1NzcxMTcsImF1ZCI6ImdyYXBocWwtdGVzdC1hcGkiLCJzdWIiOiIxMjMifQ.tTRbNKT58UqRMqMkf8cLenRZ0qvf15mUl6N6dWyn_Wo
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJncmFwaHFsLXRlc3Qtc2VydmVyIiwiaWF0IjoxNTA5MDQxMTE3LCJleHAiOjE1NDA1NzcxMTcsImF1ZCI6ImdyYXBocWwtdGVzdC1hcGkiLCJzdWIiOiIxMjMiLCJzY29wZSI6IndyaXRlOmFydGljbGVzIn0.mupYodqVggdF1fZaiyVdfOGLwY_R3KISGBTCJ7hhH5U
The sub claim in these tokens is 123 which maps to the same author ID in the supplied data.
The secret key for these tokens is found in the .env file. THIS SECRET KEY IS TERRIBLY WEAK, DO NOT USE IT IN PRODUCTION.
To test the API, attach one of the tokens to the Authorization header in your requests using the Bearer scheme. For example:
Authorization: Bearer eyJ0...
MIT