
Very cool, though I'm not sure how production-ready this is, given that there doesn't seem to be a way to add authorization for certain fields / queries.

Also, does the generated schema include the primary keys? Otherwise caching in the frontend might turn out to be difficult.




Hey - I'm the author of tuql (if you can still call it authorship, I haven't updated this library in a long time :) )

I originally wrote this to speed up prototyping / development projects; I'd never recommend shipping this anywhere near production.


Which GraphQL frameworks do handle auth? It’s a genuine question, I don’t know the space but had to rule out GraphQL in its early days for a seeming lack in this area. But I’ve got a project now where it might be a great fit.


Hasura has authz for this (but I've only used it in toy situations); authn is JWT or custom integration https://hasura.io/docs/latest/auth/authorization/permissions...

Edit: roles via jwt token https://hasura.io/docs/latest/auth/authentication/jwt/


Authorization is usually not handled by a GraphQL framework. You typically have a business layer between your GraphQL API and your database. (And probably some basic JWT authentication layer in front of your API. Notice the difference between authorization & authentication.)


Sorry, yes, I meant authorization. So you're saying to just effectively run a filter in the business layer based on allowed role/user/whatever. Seems pretty straightforward but I wonder if I'm missing something.


> run a filter in the business layer based on allowed role/user/whatever

Yup, this is the way I've seen it implemented everywhere so far.
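
The business-layer filter discussed in the comments above, as an added example that is not part of the original thread and is not tuql's or any framework's own code. It assumes an upstream authentication layer has already put the caller in `context.user`; the roles, field names and in-memory data are constructed for illustration.

```javascript
// Constructed sample data, roles and field names (added example).
const db = { posts: [
  { id: 1, authorId: 10, title: "Mine", body: "hello", moderationNotes: "ok" },
  { id: 2, authorId: 11, title: "Theirs", body: "hi", moderationNotes: "flagged" },
] };

// Field-level policy, deny by default: a role reads only the fields listed here.
const READABLE_FIELDS = {
  admin: ["id", "authorId", "title", "body", "moderationNotes"],
  user: ["id", "authorId", "title", "body"],
};

// Row-level policy: admins see every row, other callers only their own.
function canReadRow(user, post) {
  return user.role === "admin" || post.authorId === user.id;
}

// Drop every field the caller's role is not allowed to read.
function projectFields(user, row) {
  const allowed = READABLE_FIELDS[user.role] || [];
  return Object.fromEntries(Object.entries(row).filter(([key]) => allowed.includes(key)));
}

function requireUser(user) {
  if (!user) throw new Error("UNAUTHENTICATED");
}

// Business layer: the only code that touches the data store.
const postService = {
  list(user) {
    requireUser(user);
    return db.posts.filter((p) => canReadRow(user, p)).map((p) => projectFields(user, p));
  },
  get(user, id) {
    requireUser(user);
    const post = db.posts.find((p) => p.id === id);
    // Same result for "missing" and "forbidden", so ids cannot be probed.
    if (!post || !canReadRow(user, post)) return null;
    return projectFields(user, post);
  },
};

// Thin resolvers. Assumption: an upstream authentication layer set context.user.
const resolvers = {
  Query: {
    posts: (_parent, _args, context) => postService.list(context.user),
    post: (_parent, args, context) => postService.get(context.user, args.id),
  },
};
```

Because the checks live in `postService`, any other entry point that calls the same service (a REST handler, a batch job) gets the same row and field filtering as the GraphQL resolvers.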


You could use WunderGraph in front of your GraphQL and REST APIs to add auth, e.g. using OpenID Connect: https://docs.wundergraph.com/docs/auth/cookie-based-auth/ope...



