Auth0 Home Blog Docs

Authorization Series - Pt 3: Dynamic Authorization with GraphQL and Rules

Build a Flask and GraphQL quidditch management system that uses Auth0 rules to implement ABAC and GBAC.

Read on :ferris_wheel:

Brought to you by @holly :woman_technologist:t2:

1 Like

Let us know if you have any questions regarding that!

    url: '',
    method: 'post',
    data: {
      query: `
          getPlayer(name: "${name}") {

Where does the year come from? I cannot see it in db schema, is this an other API?

Hey there!

Thanks for reporting that! year is a property for Player object but it’s missing in the db. @holly can you take a look at that? Is there something we’re missing from the tutorial?

Good catch @huyennbl. The year field is in the file and then populated in seeder.txt. That screenshot of the database structure was taken before I added it to the app, so a little outdated, but the code itself should be working. Updating the image now, thanks!

1 Like

Perfect! Thanks a lot for that @holly!

Hi guys,

I found the post very helpful and have some follow up questions. As described in post the rules that you can make on auth0 are executed when a user logs in. Is it possible to change the context object during a session? Doesn’t it cause too much overhead when a variable in the context becomes bigger and is sent in a cookie with every request?