How to use express-oauth2-jwt-bearer with Apollo-server and graphql?

marclovesjazz · June 27, 2022, 8:53am

Hi,

I want to secure my API server (nodejs/apollo-server-express 3.x/graphql) and tried to use the recently published express-oauth2-jwt-bearer SDK from Auth0.
Authentication seems to be working fine but when it comes to authorization, which has to be done on the resolver level, I don’t know how to do this. The library has e.g. a requiredScopes handler but how and where can I use this?
The tutorial only mentions the usual REST API, but doesn’t mention a graphql solution. Would be great if such an example would be added to the tutorial!

Thanks for any hints or solutions!

brett2 · June 30, 2022, 7:09pm

We put our rolls and permissions in user context, read from the request when it comes in and use that at the resolver level where it is accessible

`property: (parent, args, context, info) => {},

one resource: Authentication and authorization - Apollo GraphQL Docs
Resolvers - Apollo GraphQL Docs

marclovesjazz · July 1, 2022, 9:24am

Thanks brett2,
I was already looking at this solution and this confirms it’s ok!

Topic		Replies	Views
Auth0 with nextjs and graphql (client / server architecture) Help nextjs , graphql	1	3457	November 3, 2020
How to implement authentication for GraphQL Subscription Help jwt	3	5401	May 19, 2020
No tutorials on how to get and use authorization headers from logged in users? (VueJS, Vue-Apollo, Hasura, Auth0) JWT.io jwt , auth0 , vuejs , graphql	2	4259	July 10, 2020
Integrating Auth0 with NestJS - am unable to verify the access token within my API Help forum	5	4020	August 30, 2024
Authorization question Help jwt , auth0 , api	1	1612	June 8, 2022

How to use express-oauth2-jwt-bearer with Apollo-server and graphql?

Related Topics