Relay / GraphQL的身份验证和权限 [英] Authentication and privileges on Relay/GraphQL
本文介绍了Relay / GraphQL的身份验证和权限的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Facebook没有提及他们的GraphQL库的身份验证。
Facebook does not mention authentication for their GraphQL library.
假设我有一个可从GraphQL获取的用户表,我不希望向任何要求的人透露用户信息除了登录用户之外,我应该在什么级别添加身份验证层?
Suppose I have a users table fetchable from GraphQL and I do not wish to disclose users information to anybody who demands it except the logged in user, at what level should I add the authentication layer ?
在模式级别通过改变登录状态?
At the schema level by mutating a "logged-in" state ?
或者可以将额外参数传递给 graphql
函数,该函数目前只需查询
和架构
?
Or maybe by passing extra parameters to the graphql
function that currently takes only query
and schema
?
推荐答案
可以添加auth标头令牌到您的GraphQL查询。
It's possible to add auth header with token to your GraphQL queries.
var token = localStorage.getItem('id_token');
Relay.injectNetworkLayer(
new Relay.DefaultNetworkLayer('http://pathtohost/graphql', {
headers: {
Authorization: token
}
})
);
这篇关于Relay / GraphQL的身份验证和权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文