Structuring for Authorization

Some authorization concerns can be handled by the very structure of the data within our application, and we can take advantage of this when we design our schema. The idea is that a single field can carry the authorization check for the fields beneath it in the query. After all, a GraphQL document is a tree; if a single field can act as a gatekeeper for any data that requires authorization, that simplifies our code and reduces the mental overhead of remembering which fields are public and which aren't.

A good example of some data in our application that is structured this way is the orders that are associated with a particular customer record. Based on what we’ve done so far, if we’re logged in as a customer and want to get ...
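The gatekeeper idea above, shown as an added Absinthe schema sketch. This is example code written for this page, not the book's own schema; the module names (`ShopWeb.Schema`, `Shop.Orders.for_customer/1`) and the shape of the `current_user` struct in the context are assumptions. It requires the `absinthe` dependency and a plug (not shown) that puts the authenticated user into the Absinthe context.

```elixir
defmodule ShopWeb.Schema.Middleware.Authorize do
  @behaviour Absinthe.Middleware

  # Passes the resolution through when the context holds a current_user with
  # the required role; otherwise halts this field with an error. Repeating the
  # `role` variable in the pattern forces the two values to match.
  def call(%{context: %{current_user: %{role: role}}} = resolution, role), do: resolution

  def call(resolution, _role) do
    Absinthe.Resolution.put_result(resolution, {:error, "unauthorized"})
  end
end

defmodule ShopWeb.Schema do
  use Absinthe.Schema
  alias ShopWeb.Schema.Middleware.Authorize

  object :order do
    field :id, non_null(:id)
    field :total, :float
  end

  object :customer do
    field :id, non_null(:id)
    field :email, :string

    # No authorization check here: the parent struct is whatever the gatekeeper
    # field already authorized, and :customer is reachable only through :me.
    field :orders, list_of(:order) do
      resolve fn customer, _args, _resolution ->
        # Assumed context function returning this customer's own orders.
        {:ok, Shop.Orders.for_customer(customer)}
      end
    end
  end

  query do
    # The gatekeeper: the single entry point to :customer in this schema.
    field :me, :customer do
      middleware Authorize, :customer

      resolve fn _parent, _args, %{context: %{current_user: user}} ->
        {:ok, user}
      end
    end
  end
end
```

With this schema, `{ me { email orders { id total } } }` either resolves the whole subtree for the logged-in customer or fails at `me` with `"unauthorized"` and never reaches `orders`. The pattern only holds while the invariant in the comments is true: before relying on it, confirm that no other field in the schema (a root `customer(id:)` lookup, a node or search interface, a field on another type) returns `:customer` or `:order`, because any such path bypasses the gate and would need its own check.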
