Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication and Authorization in GraphQL #5416

Jan10 opened this issue Jan 9, 2020 · 1 comment

Authentication and Authorization in GraphQL #5416

Jan10 opened this issue Jan 9, 2020 · 1 comment


Copy link

@Jan10 Jan10 commented Jan 9, 2020

For a project i need a user authentication with GraphQL. Are there plans to build the Craft CMS User authentication and authorization in GraphQL?

Like: or


This comment has been minimized.

Copy link

@brandonkelly brandonkelly commented Jan 9, 2020

No current plans for this, but you could pull it off by pointing your api route (or whatever it’s called) to a custom controller action instead, which does its own authentication, and then sets the active GraphQL schema before rerouting the request to graphql/api.

use Craft;
use craft\web\Controller;
use yii\web\Response;

class MyGraphqlController extends Controller
    public $enableCsrfValidation = false;
    public $allowAnonymous = ['api'];

    public function actionApi(): Response
        // do custom auth and get the desired schema here
        // ...

        // set the active schema

        // re-route to graphql/api
        return Craft::$app->runAction('graphql/api');

Note that there have been some breaking changes surrounding GraphQL schemas in Craft 3.4. You’ll probably be best off if you update to that before working on this. You can update by changing your craftcms/cms requirement in composer.json to ^3.4.0-beta.5 and then running composer update. (We will be releasing RC1 next week and the GA release by the end of the month, so it’s pretty safe to start using 3.4 now.)

@brandonkelly brandonkelly reopened this Jan 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.