How to use express-oauth2-jwt-bearer with Apollo-server and graphql?


I want to secure my API server (nodejs/apollo-server-express 3.x/graphql) and tried to use the recently published express-oauth2-jwt-bearer SDK from Auth0.
Authentication seems to be working fine but when it comes to authorization, which has to be done on the resolver level, I don’t know how to do this. The library has e.g. a requiredScopes handler but how and where can I use this?
The tutorial only mentions the usual REST API, but doesn’t mention a graphql solution. Would be great if such an example would be added to the tutorial!

Thanks for any hints or solutions!

We put our roles and permissions in user context, read from the request when it comes in, and use that at the resolver level where it is accessible

`property: (parent, args, context, info) => {},`

one resource: Authentication and authorization - Apollo GraphQL Docs
Resolvers - Apollo GraphQL Docs
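
The approach described in the answer above, as an added example that is not part of the original posts and is not Auth0's or Apollo's own code: the context function copies the scopes from `req.auth.payload` (set by the `auth()` middleware of express-oauth2-jwt-bearer) into the GraphQL context, and a wrapper checks them per resolver. `buildContext`, `requireScopes`, the scope names and the sample request are hypothetical, and reading a `permissions` array assumes Auth0 RBAC adds that claim to the access token.

```javascript
// Context function for ApolloServer({ context: buildContext }). The auth()
// middleware has already validated the token and populated req.auth.
function buildContext({ req }) {
  const payload = (req.auth && req.auth.payload) || null;
  const granted = new Set();
  if (payload) {
    // OAuth 2.0 access tokens carry scopes as one space-separated string.
    if (typeof payload.scope === 'string') {
      payload.scope.split(' ').filter(Boolean).forEach((s) => granted.add(s));
    }
    // Assumption: Auth0 RBAC is enabled and adds a "permissions" array.
    if (Array.isArray(payload.permissions)) {
      payload.permissions.forEach((p) => granted.add(p));
    }
  }
  return { user: payload ? { sub: payload.sub } : null, granted };
}

// Wraps a resolver so it runs only when every required scope was granted.
function requireScopes(required, resolver) {
  return (parent, args, context, info) => {
    const granted = (context && context.granted) || new Set();
    const missing = required.filter((s) => !granted.has(s));
    if (!context || !context.user || missing.length > 0) {
      const err = new Error('Insufficient scope');
      // Plain Error carrying a code; swap in the error class your server uses.
      err.extensions = { code: 'FORBIDDEN' };
      throw err;
    }
    return resolver(parent, args, context, info);
  };
}

// Constructed sample resolver map with hypothetical scope names.
const resolvers = {
  Query: {
    messages: requireScopes(['read:messages'], () => ['hello']),
  },
  Mutation: {
    deleteMessage: requireScopes(['delete:messages'], (_p, { id }) => id),
  },
};

// Constructed request, shaped like what auth() leaves on req.auth.
const sampleReq = { auth: { payload: { sub: 'auth0|123', scope: 'openid read:messages' } } };
```

The wrapper fails closed: a request with no validated token, or with a context that was never built, is rejected before the resolver body runs.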

Thanks brett2,
I was already looking at this solution and this confirms it’s ok! :wink:
