DEV Community

loading...

Discussion on: ‌How To Create GraphQL Server With Golang

Collapse
forstmeier profile image
John Forstmeier

Great piece! I'm actually in the process of trying to get setup using gqlgen combined with Dgraph as the backend database for an application. I'm sort of hung up on how to roll out authentication and authorization in the app though.

  • Authentication: You give an example of using middleware but I've also seen examples of users rolling out directives as the means of accomplishing this (here's an example - see the @isAuthenticated directive for reference). How would an authentication check work using directives with gqlgen?
  • Authorization: This seems more easily doable in the example link above but what I'm particularly interested in is implementing multi-tenancy in the app - I've talked to some of the maintainers at Dgraph and they indicated that they might be rolling out support for this via their own custom directives but I wanted to see what other approaches there might be. Question here is: how can directives be used here for both general access permissions within an org as well as preventing visibility between orgs to support multi-tenancy?

P.S. I can't figure out how the ctx would get populated in their TODO example if I were to try and send a query for the done field as them.

Collapse
glyphack profile image
Shayegan Hooshyari Author

Hi sorry for my late answer but dev.to notifications are kind of mixed up and I missed this one. To be honest I don't know enough to answer your question. you can try stackoverflow. Also I read more on this and give you update on it.