[Feedback Needed 👀] How are you using GraphQL?

dan-auth0 · May 7, 2020, 7:39am

I am interested to learn how others in the Community are using GraphQL in production. Are you using a platform/library like Apollo GraphQL, vanilla GraphQL, or anything else?

Are you already integrating Auth0 with GraphQL? Any friction you may have found in the process?

Thank you for any feedback on this

mvandergrift · May 13, 2020, 11:01pm

We’re using auth0 as an identity provider with Apollo Client connecting to Apollo Server [nodejs] and gqlgen [go] backends. To a limited extend, we are using auth0 to manage authorization for some of the graphql access as well by passing roles, permissions, and identity down the context to the resolvers.

There has been friction at three levels of the process:

Infrastructure - AWS Lambda / API & custom authorizers
GraphQL itself is great, but has its own set of issues primarily around authorization
auth0 - I would say this has been the most transparent. Parsing the jwt and running it through the various middlewares is similar to our pre-auth0 implementations and didn’t requite too many changes.

Going forward, most of our effort will revolve around how we want to handle RBAC - how much we want to use auth0’s roles, how we work around some of the limitations in AWS custom authorizers, etc.

Overall, it was a fairly straightforward integration. Let me know if you have any specific questions, I’d be happy to elaborate.

Matt

dan-auth0 · May 14, 2020, 12:10am

Matt, welcome to the Auth0 Community and thank you for your insightful response This is an interesting use case, specially the integration with AWS.