Auth0 with Dgraph GraphQL API


I have a question regarding authorization on the database being queried.

I’m in the process of building a backend using Dgraph and it exposes a GraphQL API that I’m running mutations/queries against. Dgraph has supplied an @auth directive which allows devs to define specific ways in which the JWT received, say in the Authorization header, can be evaluated for claims (in this case custom) and dis/allow access. My use case is:

  • I’d like to be able to add users to my Dgraph database using the addUser mutation generated by Dgraph
  • I’d like to ensure that only users with the role ADMIN can add/delete users (with other levels of access granted for updating/reading)
  • these @auth directives have been applied to all of the types defined in my GraphQL schema (which is fed into Dgraph to generate the database/operations)
  • I’ll add a Rule in Auth0 to query the Dgraph GraphQL API for the user that happens to be authenticating and add the role to the custom claims of the Auth0-issued JWT

How do I ensure that Auth0 has access to the Dgraph GraphQL API and that I can update the authenticating user’s JWT with the appropriate role that I have stored in the database?
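
The Rule described in the last bullet, sketched as an added example (not part of the original post, and not Auth0's or Dgraph's own code) that fails closed: the login is rejected when the email is unverified, the lookup fails, or the stored role is not on an allow-list. Assumptions: `queryDgraph` is a hypothetical helper standing in for the credentialed HTTPS call to the Dgraph `/graphql` endpoint, the `User` type has `email` (as its `@id` field) and `role`, the claim is named `ROLE`, the namespace URL is a placeholder, and the ID token is the one sent to Dgraph.

```javascript
// Added example: function with the Auth0 Rule signature, not code from the post.
// Assumed names: NAMESPACE, ALLOWED_ROLES, the email/role fields on User,
// the ROLE claim, and queryDgraph (hypothetical helper for the Dgraph call).
const NAMESPACE = 'https://example.com/jwt/claims'; // placeholder; must match the namespace Dgraph is configured with
const ALLOWED_ROLES = new Set(['ADMIN', 'EDITOR', 'VIEWER']); // constructed role list

const ROLE_QUERY = 'query ($email: String!) { getUser(email: $email) { role } }';

function makeRoleRule(queryDgraph) {
  // Returns a function shaped like an Auth0 Rule: (user, context, callback).
  return function addRoleClaim(user, context, callback) {
    // Look up roles only for a verified email, so an unverified signup
    // cannot inherit the role stored for someone else's address.
    if (!user.email || !user.email_verified) {
      return callback(new Error('verified email required'));
    }
    queryDgraph(ROLE_QUERY, { email: user.email }, (err, body) => {
      // Fail closed: a transport or GraphQL error aborts the login
      // instead of issuing a token with a guessed or default role.
      if (err || !body || body.errors) {
        return callback(new Error('role lookup failed'));
      }
      const role = body.data && body.data.getUser && body.data.getUser.role;
      if (!ALLOWED_ROLES.has(role)) {
        return callback(new Error('no recognised role for user'));
      }
      // Custom claims go under the namespace key; the @auth rules
      // on the schema would compare ROLE read from this object.
      context.idToken = context.idToken || {};
      context.idToken[NAMESPACE] = { ROLE: role };
      callback(null, user, context);
    });
  };
}
```

Because the role is copied into the token at login, a role change in the database only takes effect once the user obtains a new token.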