How to authorize with GraphQL and Hot Chocolate 13
ฝัง
- เผยแพร่เมื่อ 2 ต.ค. 2024
- Hi everyone,
In this episode, we will dive into the new authorization support we introduced with Hot Chocolate 13. We will look at the differences between Hot Chocolate 12 and Hot Chocolate 13 and dive into the basic concepts of the new authorization support.
Please, if you like our project, give us a star on GitHub:
github.com/Chi...
Workshops:
chillicream.co...
Hot Chocolate GraphQL .NET server version used in this video: www.nuget.org/...
Social Media:
Follow me on GitHub: bit.ly/michael...
Follow me on Twitter: bit.ly/michael...
Connect on LinkedIn: bit.ly/michael...
Web:
chillicream.com
#dotnet #graphql #hotchocolate #authorization
I'm still waiting for Authentication demo (03:42)
Can we get JWT implementation next, ive been stuck on th best pracrice for this 🙏
Is the source code for this available? I'd like to see the `CustomSocketSessionInterceptor`. Having trouble setting up authorization with subscriptions.
Please can you add a link to the authentication video? I've not been able to find it
Could you provide links to the other 2 parts of the series?
great tutorial. Please make a video about authentication as you mentioned in this video. Thank you in advance!
It would be great if AuthorizationContext contained a bit more data, such as and parameters that are being passed. For example if you add it to a `Symbol` type, but the authorization policy has to know which symbol (i.e. BTC), and that info is in a variable in the query, but you cant access that variable unless you run it during execution
We will do a refinement of authorization with the feedback we got over the last weeks. One of them is to put more stuff on the auth context.
Looks great but "strongly untyped". It would be greater to have generic AddValidationPolicy and AddContextPolicy to avoid checking for types and casting. Different AddXyzPolicy could distinguish between different phases (before, after, etc.) and generic parameter could represent Parent context or the resolved value itself. This way you could probably avoid string based policy and rely entirely on types.
The issue here is that we need to integrate with systems like OPA or Microsofts authorization policies which all specify their policies with a string.
Could we get an example with subscriptions?
When i followed the documentation on v13 for Auth, my websockets broke. Do you have a guide to how to make Authorize work with Subscriptions?
question can there be a service level authentication and a separate user level authentication?
where the service level authentication has access to everything..
but the user level authentication only has access to their own data and no else's data
Awesome work! I like the way data is protected on objects, not on endpoints (like in Rest).
Thank you!
Great work! I wanted to protect some of my resources by ownership and the iMiddlewareContext was the missing piece that I needed. Looking forward to what's cooking up next.
no puedes compartir el codigo -.-
So where's the other 2 parts?
🤭