Hi everyone,
I have a GraphQL API with a gateway that provides access to all the available data in my system. Subgraphs and individual fields are secured by permissions according to a token’s scope. There are two things I’m trying to accomplish:
- Since this is a microservice architecture, I have other services that need to access data. I’d like to only grant permissions to the fields each service needs, which means each service should be able to request a token with a different scope. Do I have to create a different m2m application and custom API in order to generate tokens with different scopes?
- This API can also be accessed by users, although the scope will obviously be different. Is it possible to have an API that can be accessed by a SPA application, and m2m? I’ll throw Native in there as well because that will become a requirement soon as well.
Any advice or questions would be greatly appreciated, thanks!
-JB