GraphQL Authorization

Join the chat at https://gitter.im/graphql-dotnet/graphql-dotnet

A toolset for authorizing access to graph types for GraphQL .NET.

Usage

  • Register the authorization classes in your container (IAuthorizationEvaluator, AuthorizationSettings, and the AuthorizationValidationRule).
  • Provide a UserContext class that implements IProvideClaimsPrincipal.
  • Add policies to the AuthorizationSettings.
  • Apply a policy to a GraphType or Field (which implement IProvideMetadata) using AuthorizeWith(string policy).
  • The AuthorizationValidationRule will run and verify the applied policies against the registered policies.
  • You can write your own IAuthorizationRequirement.
  • Use the GraphQLAuthorize attribute if using Schema + Handler syntax.

Examples

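using System.Threading.Tasks;
using GraphQL.Authorization;
using GraphQL.Validation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;

// Extension methods must be declared in a static class; the class name is illustrative.
public static class GraphQLAuthExtensions
{
    public static void AddGraphQLAuth(this IServiceCollection services)
    {
        services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.TryAddSingleton<IAuthorizationEvaluator, AuthorizationEvaluator>();
        // Register the validation rule that verifies the policies.
        services.AddTransient<IValidationRule, AuthorizationValidationRule>();

        services.TryAddSingleton(s =>
        {
            var authSettings = new AuthorizationSettings();

            // "AdminPolicy" requires the claim "role" with the value "Admin".
            authSettings.AddPolicy("AdminPolicy", _ => _.RequireClaim("role", "Admin"));

            return authSettings;
        });
    }

    public static void UseGraphQLWithAuth(this IApplicationBuilder app)
    {
        var settings = new GraphQLSettings
        {
            BuildUserContext = ctx =>
            {
                // Pass the request's ClaimsPrincipal on through the user context.
                var userContext = new GraphQLUserContext
                {
                    User = ctx.User
                };

                // Task<T> is not covariant, so the result type must be object
                // to match Func<HttpContext, Task<object>>.
                return Task.FromResult<object>(userContext);
            }
        };

        // Pick up every IValidationRule registered in the container,
        // including AuthorizationValidationRule.
        var rules = app.ApplicationServices.GetServices<IValidationRule>();
        settings.ValidationRules.AddRange(rules);

        app.UseMiddleware<GraphQLMiddleware>(settings);
    }
}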

// User context that exposes the ClaimsPrincipal through IProvideClaimsPrincipal.
public class GraphQLUserContext : IProvideClaimsPrincipal
{
    public ClaimsPrincipal User { get; set; }
}

// Settings object handed to the middleware in UseGraphQLWithAuth.
public class GraphQLSettings
{
    public Func<HttpContext, Task<object>> BuildUserContext { get; set; }
    public object Root { get; set; }
    public List<IValidationRule> ValidationRules { get; } = new List<IValidationRule>();
}

GraphType first syntax - use AuthorizeWith.

public class MyType : ObjectGraphType
{
    public MyType()
    {
        this.AuthorizeWith("AdminPolicy");
        Field<StringGraphType>("name").AuthorizeWith("SomePolicy");
    }
}

Schema first syntax - use GraphQLAuthorize attribute.

[GraphQLAuthorize(Policy = "MyPolicy")]
public class MutationType
{
    [GraphQLAuthorize(Policy = "AnotherPolicy")]
    public Task<string> CreateSomething(MyInput input)
    {
        // Nothing is awaited, so return a completed task instead of marking the method async.
        return Task.FromResult(Guid.NewGuid().ToString());
    }
}
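
Custom requirement - implement IAuthorizationRequirement. This is an added example, not code from the project's README: it assumes the 2.x interface shape (Task Authorize(AuthorizationContext), denial reported through context.ReportError, registration through AuthorizationPolicyBuilder.AddRequirement), and ScopeRequirement, ScopePolicyRegistration, "OrdersWritePolicy", the "scope" claim type and the "orders:write" scope are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using GraphQL.Authorization;

// Hypothetical requirement: passes only for an authenticated caller whose
// "scope" claim contains the required scope. Tokens often carry scopes as one
// space-delimited string, which an exact-value RequireClaim would not match.
public class ScopeRequirement : IAuthorizationRequirement
{
    private readonly string _scope;

    public ScopeRequirement(string scope) =>
        _scope = scope ?? throw new ArgumentNullException(nameof(scope));

    // Assumed 2.x contract: a requirement denies by reporting an error on the
    // context; finishing without an error means the requirement is satisfied.
    public Task Authorize(AuthorizationContext context)
    {
        var user = context.User;

        // Fail closed: a missing or anonymous principal never passes.
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
        {
            context.ReportError("An authenticated user is required.");
            return Task.CompletedTask;
        }

        // The claim type "scope" is an assumption; use the type your tokens carry.
        var granted = user.FindAll("scope")
            .SelectMany(c => c.Value.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries))
            .Contains(_scope, StringComparer.Ordinal);

        if (!granted)
        {
            context.ReportError($"Required scope '{_scope}' is not present.");
        }

        return Task.CompletedTask;
    }
}

public static class ScopePolicyRegistration
{
    // Call where AuthorizationSettings is built, next to "AdminPolicy".
    public static void AddOrdersWritePolicy(AuthorizationSettings authSettings)
    {
        authSettings.AddPolicy("OrdersWritePolicy", _ => _.AddRequirement(new ScopeRequirement("orders:write")));
    }
}
```

The policy is then applied like any other, with AuthorizeWith("OrdersWritePolicy") or [GraphQLAuthorize(Policy = "OrdersWritePolicy")].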

Known Issues

  • It is currently not possible to add a policy to Input objects using the Schema first approach.