Skip to content
/ authorization Public
forked from graphql-dotnet/authorization

A toolset for authorizing access to graph types for GraphQL .NET.

License

MIT license
0 stars 38 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

theolivenbaum/authorization

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

src

src

 
 

tools

tools

 
 

.babelrc

.babelrc

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

appveyor.yml

appveyor.yml

 
 

global.json

global.json

 
 

package.json

package.json

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

GraphQL Authorization

Build Status NuGet Join the chat at https://gitter.im/graphql-dotnet/graphql-dotnet

A toolset for authorizing access to graph types for GraphQL .NET.

Usage

  • Register the authorization classes in your container (IAuthorizationEvaluator, AuthorizationSettings, and the AuthorizationValidationRule).
  • Provide a UserContext class that implements IProvideClaimsPrincipal.
  • Add policies to the AuthorizationSettings.
  • Apply a policy to a GraphType or Field (which implement IProvideMetadata) using AuthorizeWith(string policy).
  • The AuthorizationValidationRule will run and verify the policies based on the registered policies.
  • You can write your own IAuthorizationRequirement.
  • Use GraphQLAuthorize attribute if using Schema + Handler syntax.

Examples

public static void AddGraphQLAuth(this IServiceCollection services)
{
    services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
    services.TryAddSingleton<IAuthorizationEvaluator, AuthorizationEvaluator>();
    services.AddTransient<IValidationRule, AuthorizationValidationRule>();

    services.TryAddSingleton(s =>
    {
        var authSettings = new AuthorizationSettings();

        authSettings.AddPolicy("AdminPolicy", _ => _.RequireClaim("role", "Admin"));

        return authSettings;
    });
}


public static void AddGraphQLAuth(this IApplicationBuilder app)
{
    var settings = new GraphQLSettings
    {
        BuildUserContext = ctx =>
        {
            var userContext = new GraphQLUserContext
            {
                User = ctx.User
            };

            return Task.FromResult(userContext);
        }
    };

    var rules = app.ApplicationServices.GetServices<IValidationRule>();
    settings.ValidationRules.AddRange(rules);

    app.UseMiddleware<GraphQLMiddleware>(settings);
}

public class GraphQLUserContext : IProvideClaimsPrincipal
{
    public ClaimsPrincipal User { get; set; }
}

public class GraphQLSettings
{
    public Func<HttpContext, Task<object>> BuildUserContext { get; set; }
    public object Root { get; set; }
    public IList<IValidationRule> ValidationRules { get; } = new List<IValidationRule>();
}

Type syntax - use AuthorizeWith.

public class MyType : ObjectGraphType
{
    public MyType()
    {
        this.AuthorizeWith("AdminPolicy");
        Field<StringGraphType>("name").AuthorizeWith("SomePolicy");
    }
}

Schema + Handler syntax - use GraphQLAuthorize attribute.

[GraphQLAuthorize(Policy = "MyPolicy")]
public class MutationType
{
    [GraphQLAuthorize(Policy = "AnotherPolicy")]
    public async Task<string> CreateSomething(MyInput input)
    {
        return Guid.NewGuid().ToString();
    }
}

About

A toolset for authorizing access to graph types for GraphQL .NET.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • C# 100.0%