Add auth GraphQL directive to control field visibility according to auth roles #478

ujibang · 2023-08-08T08:21:49Z

Brief overview

Enhance GraphQL authorization providing a field directive to enforce visibility on the basis of client role.

Rationale

Currently RH allows to provide different views to different roles with the so called multi-schema solution: see https://restheart.org/docs/security/security-hardening#define-role-specific-graphql-applications

A more flexible approach is providing a directive to control field visibility:

type Query {
  hidden: String! @visible(roles:["foo", "bar"])
  person(id: ID!): Person
}

See also https://www.graphql-java.com/documentation/field-visibility/

Detailed documentation

TBD

The text was updated successfully, but these errors were encountered:

ujibang added the feature request label Aug 8, 2023

ujibang added this to the 8.0 milestone Aug 8, 2023

ujibang self-assigned this Aug 8, 2023

ujibang changed the title ~~Add auth GraphQL directive to control field visibility to roles~~ Add auth GraphQL directive to control field visibility according to auth roles Aug 9, 2023

ujibang modified the milestones: 8.0, 8.1 Apr 17, 2024

ujibang modified the milestones: 8.1, 8.2 Aug 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add auth GraphQL directive to control field visibility according to auth roles #478

Add auth GraphQL directive to control field visibility according to auth roles #478

ujibang commented Aug 8, 2023

Add auth GraphQL directive to control field visibility according to auth roles #478

Add auth GraphQL directive to control field visibility according to auth roles #478

Comments

ujibang commented Aug 8, 2023