Relay/GraphQL 上的身份验证和权限 [英] Authentication and privileges on Relay/GraphQL

问题描述

Facebook 没有提及其 GraphQL 库的身份验证.

Facebook does not mention authentication for their GraphQL library.

假设我有一个可从 GraphQL 获取的用户表，并且我不希望将用户信息透露给除了登录用户之外的任何需要它的人，我应该在什么级别添加身份验证层?

Suppose I have a users table fetchable from GraphQL and I do not wish to disclose users information to anybody who demands it except the logged in user, at what level should I add the authentication layer ?

在模式级别通过改变登录"状态?

At the schema level by mutating a "logged-in" state ?

或者可能通过将额外的参数传递给当前仅接受 query 和 schema 的 graphql 函数?

Or maybe by passing extra parameters to the graphql function that currently takes only query and schema ?

推荐答案

可以将带有令牌的 auth 标头添加到您的 GraphQL 查询中.

It's possible to add auth header with token to your GraphQL queries.

var token = localStorage.getItem('id_token');

Relay.injectNetworkLayer(
  new Relay.DefaultNetworkLayer('http://pathtohost/graphql', {
    headers: {
      Authorization: token
    }
  })
);

这篇关于Relay/GraphQL 上的身份验证和权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！