bk-splunk and AlecAivazis Broke out planning step for error handling; fixed memory leak (#81)
* Added in returning 400's for plan failure, data set as nil when it doesn't exist

* fixed go.mod

* tidied mods

* close channel being held open forever

* break on close
Latest commit 22d0fd9 Dec 22, 2019
README.md
gateway.go
go.mod
go.sum
todo.go
users.go

README.md

Authentication Example

This example showcases a typical approach to handling authorization and authentication behind a gateway. In this example, there are 2 services apart from the gateway itself. One service is in charge of user information (including their password) and the other handles a todo list. The intent is that a user logs in and can see their specific todo list.

The general flow goes something like:

  • The user service defines a mutation called loginUser that checks if the credentials are valid and responds with a token.

  • Somehow (not shown here), the client holds onto this token and sends it with future requests to the gateway under the Authorization header.

  • When the gateway receives a query, it looks for the token and, if it's present, sends the value as the USER_ID header when sending queries to the services.

  • The other services use the header value to perform whatever user-specific logic is required.

  • The current user can query for their User record with the viewer gateway field.

Keep in mind that this demo should not be taken as an example of a secure authorization system. Its purpose is just to illustrate how one can pass user-specific information onto the backing services.
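Because the backing services act on whatever USER_ID header they receive, the gateway step is where the value has to be established. The sketch below is an added example, not code from this repository: it builds the outgoing headers from scratch so a client-supplied USER_ID is never relayed, and sets the header only from a token whose signature verifies. The token format (user ID plus an HMAC-SHA256 tag), the key and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
)

// issueToken returns "<userID>.<hex HMAC-SHA256 tag>" (constructed format, not the demo's).
func issueToken(key []byte, userID string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(userID))
	return userID + "." + hex.EncodeToString(mac.Sum(nil))
}

// verifyToken returns the user ID only if the tag matches (constant-time compare).
func verifyToken(key []byte, token string) (string, bool) {
	i := strings.LastIndex(token, ".")
	if i <= 0 {
		return "", false
	}
	want := issueToken(key, token[:i])
	if !hmac.Equal([]byte(want), []byte(token)) {
		return "", false
	}
	return token[:i], true
}

// serviceHeaders builds the headers the gateway sends to a backing service.
// It starts from an empty set, so a USER_ID sent by the client is dropped.
func serviceHeaders(key []byte, client http.Header) http.Header {
	out := http.Header{}
	if id, ok := verifyToken(key, client.Get("Authorization")); ok {
		out.Set("USER_ID", id)
	}
	return out
}

func main() {
	key := []byte("constructed-demo-key") // sample key, constructed for this example
	client := http.Header{}
	client.Set("USER_ID", "1") // client-supplied value that must not reach the services
	client.Set("Authorization", issueToken(key, "2"))
	fmt.Println(serviceHeaders(key, client).Get("USER_ID"))
}
```

The services should also be reachable only from the gateway, otherwise a caller can bypass this step and set USER_ID directly.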

Running the example

To run the example, start the services defined in users.go and todo.go first by running go run <file name> from this directory. You'll have to run them in separate terminals. Then in a third terminal, start the gateway.go and visit http://localhost:4000 which should show you a playground to interact with.

User Credentials

In this example, there are 3 users (numbered 1,2,3) with credentials that take the form username1/password1. Each of them has a unique set of todo items.
