go-gql-server
Authentication
Hi @cmelgarejo thanks for this well put server and perhaps even a small framework for gqlgen. I've been using this setup and variations of it for a couple projects now and would like to know your thoughts on protecting the api. When you have an app it typically has some public queries and mutations like "signin", listing results on a home screen for example and so on. I noticed on this project you default to not allow any requests to pass through that are not authenticated. Was there a specific reason?
What I've been doing is allowing requests that do not have any auth header/token to pass through and then validate on resolvers if there should be an authenticated user or not to perform that action.
Would love to hear your thoughts on this.
Thanks in advance!
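The pass-through pattern described in the post above, as an added example that is not part of the original post or of the go-gql-server code base. It assumes plain `net/http` handlers standing in for the router and a gqlgen resolver; `OptionalAuth`, `RequireUser`, `Status` and the `tokens` map are hypothetical names, and rejecting a token that is present but invalid (instead of treating the caller as anonymous) is a design choice of this example.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type ctxKey struct{} // context key holding the authenticated user
var tokens = map[string]string{"tok-alice": "alice"} // constructed sample; verify a JWT or session in practice

// OptionalAuth lets token-less requests through as anonymous but rejects a present, invalid token.
func OptionalAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if h := r.Header.Get("Authorization"); h != "" {
			user, ok := tokens[strings.TrimPrefix(h, "Bearer ")]
			if !strings.HasPrefix(h, "Bearer ") || !ok {
				http.Error(w, "invalid token", http.StatusUnauthorized)
				return
			}
			r = r.WithContext(context.WithValue(r.Context(), ctxKey{}, user))
		}
		next.ServeHTTP(w, r)
	})
}

// RequireUser is the guard a protected resolver calls before doing any work.
func RequireUser(ctx context.Context) (user string, ok bool) {
	user, ok = ctx.Value(ctxKey{}).(string)
	return
}

// Status sends one request through the middleware to a stand-in resolver.
func Status(authHeader string, protected bool) int {
	h := OptionalAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := RequireUser(r.Context()); protected && !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
		}
	}))
	req := httptest.NewRequest("POST", "/query", nil)
	req.Header.Set("Authorization", authHeader) // "" behaves like no header
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(Status("", false), Status("", true), Status("Bearer tok-alice", true)) }
```

With this split, every resolver that is not meant to be public has to call the guard itself, so a forgotten call fails open; the deny-by-default middleware the post mentions fails closed instead.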