How to use express-oauth2-jwt-bearer with Apollo-server and graphql?

Help
, ,
1

Hi,

I want to secure my API server (nodejs/apollo-server-express 3.x/graphql) and tried to use the recently published express-oauth2-jwt-bearer SDK from Auth0.
Authentication seems to be working fine but when it comes to authorization, which has to be done on the resolver level, I don’t know how to do this. The library has e.g. a requiredScopes handler but how and where can I use this?
The tutorial only mentions the usual REST API, but doesn’t mention a graphql solution. Would be great if such an example would be added to the tutorial!

Thanks for any hints or solutions!

2

We put our rolls and permissions in user context, read from the request when it comes in and use that at the resolver level where it is accessible

`property: (parent, args, context, info) => {},

one resource: Authentication and authorization - Apollo GraphQL Docs
Resolvers - Apollo GraphQL Docs

3

Thanks brett2,
I was already looking at this solution and this confirms it’s ok! :wink:

1 Like