
Modular Role Scope

Open johnthepink opened this issue 7 years ago • 3 comments

I noticed the scope for graphql-auth is currently nested under the user module. I thought it would be cool if different modules could declare their own scope and then compose them together.

Any thoughts on this? I'd be happy to get a PR going. Thanks!

johnthepink avatar Dec 20 '17 02:12 johnthepink

That would be a nice addition. I remember we were talking about something like this in the gitter chat.

mairh avatar Dec 20 '17 09:12 mairh

@mairh cool I'll do a search through there and take a crack at it.

johnthepink avatar Dec 20 '17 17:12 johnthepink

You may look at what I have been doing on this branch with auth/scopes https://github.com/sysgears/apollo-universal-starter-kit/pull/562

config/auth.js is a good outline of the auth system.

graphql-auth has some limitations; I pulled the code into src/common/authValidation.js. The backend "withAuth" is joined by a "checkAuth" which uses the same permissioning format.

The setup should allow for many numbers of scope styles and verification. I have some concern about the way graphql-auth and withAuth does its validations. (It's basically a pairwise comparison between required scopes and provided scopes that replaces '' with '.' and then does a regex check. Seems that could go awry and be difficult to catch security bugs.)

Still have to think about how validation works with context and object ownership...

verdverm avatar Dec 21 '17 17:12 verdverm
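
Added example, not part of the thread and not code from graphql-auth or the starter kit: a sketch of the pairwise wildcard-to-regex check described in the last comment, next to a segment-wise matcher that uses no regex, run over constructed scope pairs. All function names are hypothetical, and it assumes `:`-separated scopes where a `*` in the provided scope is rewritten to `.*`.

```javascript
// Loose matcher as described in the comment (assumed form, not the library's code):
// the provided scope is turned into a regex by rewriting '*' to '.*'.
function looseMatch(have, need) {
  return new RegExp('^' + have.replace('*', '.*') + '$').test(need);
}

// Segment-wise matcher (hypothetical alternative): split on ':' and compare
// literally. '*' counts only as a whole segment; as the last segment it
// covers everything that follows, elsewhere it covers exactly one segment.
function segmentMatch(have, need) {
  const h = have.split(':');
  const n = need.split(':');
  for (let i = 0; i < h.length; i++) {
    if (i >= n.length) return false;          // provided scope is longer than required
    if (h[i] === '*') {
      if (i === h.length - 1) return true;    // trailing wildcard covers the rest
      continue;
    }
    if (h[i] !== n[i]) return false;          // literal comparison, no metacharacters
  }
  return h.length === n.length;
}

// Same pairwise "any required vs any provided" loop for both matchers,
// so the only difference measured is the matching rule itself.
function allowed(match, required, provided) {
  return required.some((need) => provided.some((have) => match(have, need)));
}

// Constructed cases: [provided scope, required scope]
const CASES = [
  ['user:*', 'user:view:self'], // intended wildcard use: both matchers accept
  ['org.1:read', 'orgX1:read'], // unescaped '.' matches any character
  ['*:*:read', 'x:read'],       // only the first '*' is rewritten; the second becomes a quantifier on ':'
];

function compare() {
  return CASES.map(([have, need]) => ({
    have,
    need,
    loose: allowed(looseMatch, [need], [have]),
    strict: allowed(segmentMatch, [need], [have]),
  }));
}

console.table(compare());
```

Rows where `loose` and `strict` disagree are the kind of case worth pinning down as unit tests before composing scopes from several modules.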