This repository has been archived by the owner on Jul 27, 2020. It is now read-only.

How to handle authorization with yoga? #35

Open
Weakky opened this issue Jan 25, 2019 · 5 comments
Comments

@Weakky
Contributor

Weakky commented Jan 25, 2019

Description

A common library to handle authorization is graphql-shield.

Although initially designed for "SDL-first" development, it is already compatible with nexus using graphql-middleware.

Three options are offered to us:

  • Expose graphql-shield as-is through examples
  • Bundle Yoga with graphql-shield and provide some integration/more idiomatic API to nexus
  • Start with something completely new and more idiomatic to nexus/"resolver-first"

Let's use this thread as a place to discuss this feature 🙌

@wtrocki
Contributor

wtrocki commented Jan 25, 2019

@Weakky How about having just a simple POC with Authentication/Authorization to research using graphql-shield/passport and see how it will cooperate with the nexus resolver-first approach?

@maticzav
Collaborator

I like the idea of exploring the potential of integration with graphql-shield; however, I agree with @wtrocki that we should give the idea some time and see the most common use cases.

Perhaps there's an elegant way of combining the two - if nothing else, we should bring type and field-name suggestions to graphql-shield which currently only messages you with details on the wrong configuration.

Last note, I believe it's worth discussing how we would want to define permissions in nexus. graphql-shield provides a very neat abstraction layer which allows you to have a complete separation of concepts, however, this might not be as useful with nexus. Do we want to collect permissions in one/separate file, or bundle them with other logic?

@wtrocki
Contributor

wtrocki commented Jan 25, 2019

> Perhaps there's an elegant way of combining the two - if nothing else, we should bring type and field-name suggestions to graphql-shield which currently only messages you with details on the wrong configuration.

That sounds good. I'm hoping to integrate yoga/passport and shield together in the form of an example project to explore a couple of options. It will be challenging to support all use cases, so going with sensible defaults may help. There are also many types of auth connectors, for example OAuth etc., that can have different flows and affect how things are done.

@Weakky
Contributor Author

Weakky commented Feb 15, 2019

Let's first wait for graphql-nexus/nexus#23 to land

@Weakky Weakky pinned this issue Feb 26, 2019
@Weakky
Contributor Author

Weakky commented Mar 1, 2019

I think once #88 lands, we could very well have a separate package that would mimic how https://github.com/nyambati/express-acl works

@Weakky Weakky unpinned this issue Mar 5, 2019