Custom Authentication
- Custom Authentication allows for tailored authentication logic based on specific requirements of an application.
- This method provides flexibility in integrating with various authentication providers and services.
Example of Custom Authentication
Let’s define a custom authentication implementation using graphql-yoga in Node.js. We can define custom middleware to authenticate requests based on the provided credentials.
const { GraphQLServer } = require('graphql-yoga');

const typeDefs = `
  type Query {
    hello: String!
  }
`;

const resolvers = {
  Query: {
    hello: () => 'Hello World!',
  },
};

// graphql-middleware style function: runs before every resolver.
const authenticate = (resolve, root, args, context, info) => {
  // Authentication logic goes here. Presence of the header is only the first
  // step; the credential it carries must still be validated before the
  // request is trusted.
  if (!context.request.headers.authorization) {
    throw new Error('Unauthorized');
  }
  // Additional authentication checks...
  return resolve(root, args, context, info);
};

const server = new GraphQLServer({
  typeDefs,
  resolvers,
  middlewares: [authenticate],
});

server.start(() => console.log('Server is running on http://localhost:4000'));
Explanation
In the above code, we set up a GraphQL server using graphql-yoga. It defines a simple schema with a single hello query that returns "Hello World!". It also includes an authenticate middleware function that checks for the presence of an authorization header in the request. If the header is missing, it throws an "Unauthorized" error. Checking only that the header exists is a placeholder; the comment in the middleware marks where the credential itself must be validated. The middleware is added to the GraphQL server instance to protect the resolver functions from unauthorized access. The server is started on port 4000.
JSON Web Tokens (JWT) Authentication
JWT Authentication is a popular method for token-based authentication. It allows clients to obtain and use tokens to authenticate subsequent requests.
Example of JSON Web Tokens (JWT) Authentication
Let’s demonstrate JWT Authentication in a GraphQL API using Node.js. We’ll utilize libraries like jsonwebtoken for token generation and verification.
const jwt = require('jsonwebtoken');
const { GraphQLServer } = require('graphql-yoga');

// Secret used to sign and verify tokens. Replace 'your_secret_key' (or set
// JWT_SECRET in the environment) before deploying.
const JWT_SECRET = process.env.JWT_SECRET || 'your_secret_key';

const typeDefs = `
  type Query {
    hello: String!
  }
  type Mutation {
    login(username: String!, password: String!): String!
  }
`;

const resolvers = {
  Query: {
    hello: () => 'Hello World!',
  },
  Mutation: {
    login: (_, { username, password }) => {
      // Verify username and password against your user store here.
      // If valid, generate a JWT token
      const token = jwt.sign({ username }, JWT_SECRET, { expiresIn: '1h' });
      return token;
    },
  },
};

const authenticate = async (resolve, root, args, context, info) => {
  // The login mutation is the one operation that must be reachable without a token.
  if (info.parentType.name === 'Mutation' && info.fieldName === 'login') {
    return resolve(root, args, context, info);
  }
  const authHeader = context.request.headers.authorization;
  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    throw new Error('Unauthorized');
  }
  const token = authHeader.split(' ')[1];
  try {
    // Pin the accepted algorithm so a token cannot select a different one.
    const decoded = jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] });
    // Add authenticated user to context
    context.user = decoded.username;
  } catch (error) {
    throw new Error('Invalid or expired token');
  }
  return resolve(root, args, context, info);
};

const server = new GraphQLServer({
  typeDefs,
  resolvers,
  middlewares: [authenticate],
});

server.start(() => console.log('Server is running on http://localhost:4000'));
Explanation
In the above code, we set up a GraphQL server using graphql-yoga. It defines a schema with a hello query and a login mutation for JWT token generation. The authenticate middleware checks for a valid JWT token in the request header and adds the decoded username to the context. The server is started on port 4000. Remember to replace 'your_secret_key' with your actual secret key for JWT operations.
Authentication in GraphQL
Authentication is a critical aspect of securing any API, including GraphQL. In this article, we’ll learn about the various authentication methods commonly used in GraphQL APIs, including HTTP Authentication, Custom Authentication, and JSON Web Tokens (JWT) Authentication. For each method, we will learn implementation with examples.