Authorization.

[ronen1malka]

Hi,
Great article!
Can you please give some details on Authorization?
In REST we can use spring security to protect unauthorized call to endpoints. In GraphQL we have only one endpoint.
What are the alternatives?
Also, Is it possible to protect fields (hide?) from specific users?

[eh3rrera]

Hi, thanks!

Authentication/Authorization is usually done with JWT/OAuth, but here are two tutorials that you might find useful:

• https://www.howtographql.com/graphql-java/5-authentication/
• https://mi3o.com/spring-graphql-security/

Also to protect (hide) fields, you can check out field visibility.

[ronen1malka]

Thanks! From: Esteban Herrera Sent: Monday, 25 March 2019 18:05 To: eh3rrera/graphql-java-spring-boot-example Cc: ronen1malka; Author Subject: Re: [eh3rrera/graphql-java-spring-boot-example] Authorization. (#12) Hi, thanks! Authentication/Authorization is usually done with JWT/OAuth, but here are two tutorials that you might find useful: • https://www.howtographql.com/graphql-java/5-authentication/ • https://mi3o.com/spring-graphql-security/ Also to protect (hide) fields, you can check out field visibility. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.