
GraphQL Auth

Tom edited this page Oct 27, 2020 · 2 revisions

GraphQL auth is handled using JWT. If a route is protected with the isAuthorized middleware, the user must hold a valid auth token, passed in the authorization header, for the query to return any results.

Context

The middleware has an associated context. When the isAuthorized annotation is used, the context will contain a payload field, which in turn contains a uid field holding the uid of the user if the user is authenticated. If the user is unauthenticated, the middleware returns an error to the client without executing the rest of the query.

Testing Token

For testing purposes, a token with uid test-uid can be obtained from the getTestingToken query. This can then be placed into the authorization header. This "feature" will only work in development (for obvious reasons).
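A sketch of the flow described under Context and Testing Token, added here as an example and not taken from this project's code. It assumes HS256 tokens, a `({ context }, next)` middleware signature, the header being read from `context.req.headers.authorization`, and `NODE_ENV` as the development switch; `SECRET`, `signToken` and `verifyToken` are hypothetical names.

```javascript
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: the real key comes from config
const denied = () => new Error("Not authenticated"); // hypothetical error message
const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Issue a compact HS256 token.
function signToken(payload) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`))}`;
}

// Return the payload, or throw if the token is missing, malformed or forged.
function verifyToken(header) {
  // Assumption: an optional "Bearer " prefix is tolerated.
  const parts = String(header || "").replace(/^Bearer /i, "").split(".");
  if (parts.length !== 3) throw denied();
  const [head, body, sig] = parts;
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) throw denied();
  // Pin the algorithm: the token header never chooses how it is verified.
  if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") throw denied();
  const payload = JSON.parse(Buffer.from(body, "base64url"));
  if (typeof payload.uid !== "string") throw denied();
  return payload;
}

// Middleware: fills context.payload, and only then lets the resolver run.
function isAuthorized({ context }, next) {
  context.payload = verifyToken(context.req.headers.authorization);
  return next();
}

// Development-only helper: refuses to mint a token in any other environment.
function getTestingToken(env = process.env.NODE_ENV) {
  if (env !== "development") throw new Error("Not available");
  return signToken({ uid: "test-uid" });
}
```

Because `verifyToken` throws before `next()` is called, a rejected request never reaches the resolver, and `getTestingToken` fails closed when the environment variable is unset.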
