7 Adding authorization & authentication

This chapter covers:

  • Adding authentication and authorization to our application, including both the GraphQL API and our frontend React application
  • Using JSON Web Tokens (JWTs) to encode user identity and permissions
  • Expressing and enforcing authorization rules in our GraphQL schema using schema directives
  • Using Auth0 as a JWT provider and the Auth0 React integration to add Auth0 support
  • Adding JWT middleware and using Cypher parameters for user-specific access control in the API

Authentication (verifying who a user is) and authorization (determining which resources and actions that user is allowed to access) are needed to secure any application: they ensure users have only the permissions they should, and they protect the application's data and actions on both the frontend and the backend. So far, both our frontend React application and our GraphQL API are open for anyone to use every feature, including creating, modifying, and deleting data.

7.1 Authorization In GraphQL - A Naive Approach

7.2 JSON Web Tokens (JWTs)

7.3 GraphQL Authorization Directives

7.3.1 @isAuthenticated

7.3.2 @hasRole

7.3.3 @hasScope

7.4 Auth0: JWT-as-a-service

7.4.1 Configuring Auth0

7.4.2 Auth0 React

7.5 Cypher Parameters & JWT Middleware

7.6 Exercises

7.7 Summary