npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@sgrove/onegraph-apollo-server-auth

v2.0.3-alpha-2

Published

Auth helpers for apollo server using OneGraph AuthGuardian

Downloads

9

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

sgrovesgrove

Keywords

Readme

OneGraph Auth for Apollo Server

You can use AuthGuardian by OneGraph to handle all of your authentication and permission needs in your Apollo server.

Just give me an example project to try!

Good point! We have a basic example apollo-server app with OneGraph AuthGuardian you can clone and try out! Just clone the repo, follow the instructions, and you'll have a fully secured GraphQL API!

At a glance

AuthGuardian is the easiest way to allow someone to access your API based on information in GitHub, Salesforce, Gmail, etc. It lets you graphically configure sophisticated rules that will run every time a user logs in to any service (GitHub, Salesforce, Quickbooks, etc.) via OneGraph and will produce a JWT that contains everything you need to know who a user is and what they're allowed to do in your API.

Each rule consists of two parts: conditions and effects.

An example of a rule condition might be,

"When this user is a member of organization X on GitHub AND this user has made at least one commit to the repository repo-owner/repo-name".

OneGraph knows how to query each of the services to find out if the condition has been met automatically!

When all of the conditions for a rule are met, the effects are run. An effect might be:

Set the user.id to the user's GitHub user-id, and add "admin" to the list of user.roles

So the full rule would read:

"When this user is a member of organization X on GitHub AND this user has made at least one commit to the repository repo-owner/repo-name". Then set the user.id to the user's GitHub user-id AND add "admin" to the list of user.roles AND add a Netlify role of "developer"

If this rule passed after a user logged in via GitHub, OneGraph would generate a full, signed JWT for use in your GraphQL resolvers:

{
  "iss": "OneGraph",
  "aud": "https://serve.onegraph.com/dashboard/app/00000000-0000-0000-0000-000000000000",
  "iat": 1566594200,
  "exp": 1566680600,
  "user": {
    "id": 35296,
    "roles": [
      "admin"
    ]
  },
  "app_metadata": {
    "authorization": {
      "roles": [
        "developer"
      ]
    }
  }
}

Using the OneGraph JWT in Apollo Server

  1. First, install the auth package:
npm install --save onegraph-apollo-server-auth
# or 
yarn add onegraph-apollo-server-auth
  1. Use the custom directives There are two customer directives implemented by onegraph-apollo-server-auth, @isAuthencated and @hasRoles:
directive @isAuthenticated on QUERY | FIELD_DEFINITION
directive @hasRole(oneOf: [String!]) on QUERY | FIELD_DEFINITION

@isAuthenticated

Any field that has this directive added to is will always check in the JWT that a value is present at user.id. If not, the user has not authenticated (that is, has not logged into any service), and the field will return null, and an error message will be added to the response.

type Query {
  companies : [Company] @isAuthenticated
}

@hasRole

Any field with this directive added will check in the JWT at the path user.roles to make sure that the user has been granted a role that's required to view this field.

type Company {
  id: String!
  name: String @hasRole(oneOf: ["visitor"])
  accountBalance: Int! @hasRole(oneOf: ["admin"])
}

In this case, any user will be able to query for Company ids, but the AuthGuardian rules must have granted this user the visitor role to view the Company name, and the admin role to view the Company accountBalance.

Put it all together!

const { ApolloServer } = require("apollo-server-express");
const { schema } = require("./schema.js");
const {
  extractBearerToken,
  hasRoleDirective,
  isAuthenticatedDirective,
  makeOneGraphJwtVerifier
} = require("onegraph-apollo-server-auth");

const verifyJwt = makeOneGraphJwtVerifier(appId);

const server = new ApolloServer({
  typeDefs: schema,
  resolvers,
  schemaDirectives: {
    hasRole: hasRoleDirective,
    isAuthenticated: isAuthenticatedDirective
  },
  context: async incoming => {
    const token = extractBearerToken(incoming.req);

    if (!token) {
      return { jwt: null };
    }

    try {
      const decoded = await verifyJwt(token).catch(rejection =>
        console.warn(`JWT verification failed: `, rejection)
      );
      return { jwt: decoded };
    } catch (rejection) {
      console.warn(rejection);
      return { jwt: null };
    }
  }
});

And that's it! With just a few bits of annotation to your schema and a few minutes to configure the AuthGuardian rules, your entire authentication and permissions system can be taken care of securely!

Logging in your users via the OneGraph Auth Client

See the instructions on how to quickly get your users logging in via Onegraph Auth. Here's a rough summary:

Install the onegraph-auth package on your client:

npm install --save onegraph-auth
# or
yarn add onegraph-auth

Instantiate the auth client in the browser (with the same APP_ID you used to configure AuthGuardian):

import OneGraphAuth from 'onegraph-auth';

const APP_ID = YOUR_APP_ID;

const auth = new OneGraphAuth({
  appId: APP_ID,
});

And log in your user (in this case via github):

auth
  .login('github')
  .then(() => {
    auth.isLoggedIn('github').then(isLoggedIn => {
      if (isLoggedIn) {
        console.log('Successfully logged in to GitHub');
      } else {
        console.log('Did not grant auth for GitHub');
      }
    });
  })
  .catch(e => console.error('Problem logging in', e));

That's it! At the end of that flow, all of your AuthGuardian rules will have run, and the user will have a JWT that reflects their authentication and permissions for your API!