graphql-auth-directives icon indicating copy to clipboard operation
graphql-auth-directives copied to clipboard

Published 20 hours ago verified publisher icon grand-stack

Support for federated services

Open hnrklssn opened this issue 5 years ago • 2 comments

I would like to use this library, especially is it is included in neo4j-graphql-js by default, but we use a federated architecture with one gateway handling the authentication and then making subqueries to the individual services. So while it would still be nice to let the individual services decide which fields need auth, it's unnecessary to have each service validate the JWT, since they're only accessible through the gateway. What I'm saying is, it'd be nice to be able to turn JWTs off and just add the required context variables to the request as plain objects, and trust the that the gateway has already verified the authenticity of the claims.

hnrklssn avatar Oct 18 '19 13:10 hnrklssn

I'm not entirely sure that the changes I've proposed directly fix the issues that you've mentioned, but is should remove the required verification of tokens. If there's any other changes needed to make that work I'd love to hear them.

IamFlowZ avatar Feb 11 '20 23:02 IamFlowZ

That is a big improvement, might use that in the future. For now we've forked the module so that our services don't have to use JWTs at all.

hnrklssn avatar Feb 23 '20 11:02 hnrklssn