Field Authorization
Field authorization limits access to individual fields or attributes of GraphQL types. This makes it possible to restrict access to data fields based on the user's role or permissions.
Implementation: The following example shows field authorization declared in a GraphQL schema definition using schema directives.
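# GraphQL enforcement example with schema directives
# Declarations the usage below relies on (assumed; the article shows only the usage)
directive @auth(requires: Role!) on FIELD_DEFINITION
enum Role {
  ADMIN
}
type SensitiveData {
  id: ID!
  # Only callers holding the ADMIN role may read this field
  sensitiveField: String! @auth(requires: ADMIN)
  publicField: String!
}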
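The directive in the schema is only a declaration; the server still has to check it when a field is resolved. The following is an added example, not code from the original article, sketching that check without any GraphQL library: it reads the required role from the schema and denies by default when the caller has no matching role. The mini-parser, `resolveFields`, the `roles` property and the `USER` role are assumptions made for illustration.

```javascript
// Schema from the article (SDL), embedded so the example runs offline.
const SDL = `
type SensitiveData {
  id: ID!
  sensitiveField: String! @auth(requires: ADMIN)
  publicField: String!
}`;

// Constructed sample record, not real data.
const SAMPLE = { id: "1", sensitiveField: "secret", publicField: "hello" };

// Collect { "Type.field": "ROLE" } for every field carrying @auth.
// Minimal parser for this simple SDL shape only (assumption, not a full parser).
function authRules(sdl) {
  const rules = {};
  for (const [, type, body] of sdl.matchAll(/type\s+(\w+)\s*\{([^}]*)\}/g)) {
    const guarded = /(\w+)\s*:[^\n@]*@auth\(requires:\s*(\w+)\)/g;
    for (const [, field, role] of body.matchAll(guarded)) {
      rules[`${type}.${field}`] = role;
    }
  }
  return rules;
}

// Return the requested fields, checking the caller's roles per field.
// A missing user or missing roles list counts as "no roles" (deny by default).
function resolveFields(typeName, source, requested, user, rules) {
  const roles = (user && user.roles) || [];
  const data = {};
  const errors = [];
  for (const field of requested) {
    const required = rules[`${typeName}.${field}`];
    if (required && !roles.includes(required)) {
      // Denied: the value never enters the response. In a real GraphQL server,
      // an error on a non-null field (String!) propagates null to the nearest
      // nullable parent rather than just dropping the field.
      errors.push(`Not authorized: ${typeName}.${field} requires ${required}`);
      continue;
    }
    data[field] = source[field];
  }
  return { data, errors };
}

const RULES = authRules(SDL);
// USER is a hypothetical non-admin role; the article only names ADMIN.
console.log(resolveFields("SensitiveData", SAMPLE, ["id", "sensitiveField"], { roles: ["USER"] }, RULES));
console.log(resolveFields("SensitiveData", SAMPLE, ["id", "sensitiveField"], { roles: ["ADMIN"] }, RULES));
```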
Authorization in GraphQL
When building a GraphQL API, security is a primary consideration. Authorization is the security measure that controls access to the resources and functionality of an API.
In this article, we will learn about type and field authorization in GraphQL, including resolver authorization, field authorization, and the case of deploying both approaches.