Relay / GraphQL的身份验证和权限 [英] Authentication and privileges on Relay/GraphQL

问题描述

Facebook没有提及他们的GraphQL库的身份验证。

Facebook does not mention authentication for their GraphQL library.

假设我有一个可从GraphQL获取的用户表，我不希望向任何要求的人透露用户信息除了登录用户之外，我应该在什么级别添加身份验证层？

Suppose I have a users table fetchable from GraphQL and I do not wish to disclose users information to anybody who demands it except the logged in user, at what level should I add the authentication layer ?

在模式级别通过改变登录状态？

At the schema level by mutating a "logged-in" state ?

或者可以将额外参数传递给 graphql 函数，该函数目前只需查询和架构？

Or maybe by passing extra parameters to the graphql function that currently takes only query and schema ?

推荐答案

可以添加auth标头令牌到您的GraphQL查询。

It's possible to add auth header with token to your GraphQL queries.

var token = localStorage.getItem('id_token');

Relay.injectNetworkLayer(
  new Relay.DefaultNetworkLayer('http://pathtohost/graphql', {
    headers: {
      Authorization: token
    }
  })
);

这篇关于Relay / GraphQL的身份验证和权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！