Out of all of the discussions and questions I hear about GraphQL, the one thing that comes up the most is how to properly implement both authentication as well as authorization for an API.
The concern is that these are not easy problems to solve, and they must be solved properly in order to secure the data in your database.
Depending on your GraphQL implementation, this can look very different from one API to the next. In this video, I've walked through how to add authentication to an AWS AppSync API and then use the GraphQL Transform library to implement authorization rules on the GraphQL schema.
The GraphQL Transform library provides a simple to use abstraction that helps you quickly create backends for your web and mobile applications on AWS.
Using directives like @auth (authorization rules on types and fields), @function (add a Lambda function resolver), and @connection (create a relationship between types), you can declaratively implement different functionality in your API.
In this video, we look at how to create an example app with two GraphQL types: Post and Note. For the Post type, we want to treat it similarly to what you might see on a blog where the owner can update and delete a post, but anyone can read it. For the Note type, we configure it so that only the person who created the note can read, update, or delete it.
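Here is what those two rules look like as a GraphQL Transform schema. This is an added example, not the schema from the video; it assumes the API's default authorization mode is an Amazon Cognito User Pool, since owner-based rules need a signed-in identity to compare against (an API key has no owner). The `@model` directive is what generates the DynamoDB table and the CRUD resolvers that `@auth` then protects.

```graphql
# Post: any signed-in user can read; only the owner can create, update or delete.
# Listing only create/update/delete in `operations` leaves read unrestricted
# for authenticated users under the User Pool auth mode.
type Post @model @auth(rules: [{ allow: owner, operations: [create, update, delete] }]) {
  id: ID!
  title: String!
  content: String
  # `owner` is the default ownership field; the transform fills it from the
  # caller's Cognito identity on create and checks it on update/delete.
  owner: String
}

# Note: omitting `operations` applies the owner rule to every operation,
# so only the creator can read, update or delete a note. Other users' notes
# are filtered out of `listNotes`, and `getNote` on someone else's note
# returns an Unauthorized error rather than the item.
type Note @model @auth(rules: [{ allow: owner }]) {
  id: ID!
  content: String!
  owner: String
}
```

Two things worth checking after deployment: first, run `listNotes` as two different users and confirm each only sees their own items, because the owner filter is applied in the generated resolvers, not in the schema itself; second, remember that `owner` is a regular string field, so a client cannot be trusted to set it. The transform overrides it on create, but any custom resolver you add later must do the same or the ownership check becomes a self-reported claim.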
After the API has been deployed, you can then further configure the resolvers as you'd like to implement business logic unique to your app.