Authentication with GraphQL, Absinthe, and Guardian

I’m in the process of changing over my API from REST to using GraphQL. I’m really excited about this change but I haven’t been able to figure out authentication yet.

For the REST implementation, I’ve been using Guardian and that has worked great. I’m just piping each resource through the EnsureAuthenticated module, like so:

REST AUTH

pipeline :authenticated do
  plug(MyApp.AuthAccessPipeline)
end

scope "/api/v1", MyApp do
  pipe_through([:api, :authenticated])

  # AUTHENTICATED RESOURCES
end

With this implementation I’m able to grab the current_user from the conn like so:

def current_user(conn) do
  user_id = Map.get(MyApp.Guardian.Plug.current_resource(conn), :id)
  Repo.get!(User, user_id)
end

This is straightforward and it’s served me pretty well so far. I’d like to implement something similar with GraphQL but I’m not finding any documentation on how to tackle this problem.

I have seen some blog posts like this one: https://itnext.io/authenticating-absinthe-graphql-apis-in-phoenix-with-guardian-d647ea45a69a

It’s a pretty good article but it guides you to store the token within the DB (something I don’t want to do). Does anybody know of any good tutorials or have any advice on how to authenticate a GraphQL API with Guardian? Thanks for any help!

1 Like

May I ask why you don’t want to store the token within the DB? Is there somewhere else you’re storing the token? And how are you handling log out/token revocation?

1 Like

M02-Part3: Setup Absinthe context and add Auth middleware

https://hexdocs.pm/absinthe/context-and-authentication.html

5 Likes
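
The context approach from the Absinthe guide linked above, combined with Guardian's stateless header verification so no token is stored in the DB. This is an added example, not code from the thread or from either project; `MyApp.GraphqlAuthPipeline`, `MyAppWeb.Context`, `MyAppWeb.Middleware.Authenticated` and `MyApp.AuthErrorHandler` are hypothetical names, and the error handler is assumed to implement `Guardian.Plug.ErrorHandler`.

```elixir
# Added example; every module name except MyApp.Guardian is hypothetical.

# Verifies a bearer JWT when one is sent, but lets anonymous requests through,
# so public fields (for instance a login mutation) stay reachable.
# An invalid or expired token still halts via the error handler.
defmodule MyApp.GraphqlAuthPipeline do
  use Guardian.Plug.Pipeline,
    otp_app: :my_app,
    module: MyApp.Guardian,
    error_handler: MyApp.AuthErrorHandler # assumed to exist in the app

  plug Guardian.Plug.VerifyHeader
  plug Guardian.Plug.LoadResource, allow_blank: true
end

# Copies the resource Guardian loaded from the token into the Absinthe context.
defmodule MyAppWeb.Context do
  @behaviour Plug

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    context =
      case MyApp.Guardian.Plug.current_resource(conn) do
        nil -> %{}
        user -> %{current_user: user}
      end

    Absinthe.Plug.put_options(conn, context: context)
  end
end

# Field-level guard: resolves with an error unless the context carries a user.
defmodule MyAppWeb.Middleware.Authenticated do
  @behaviour Absinthe.Middleware

  @impl true
  def call(%{context: %{current_user: _user}} = resolution, _opts), do: resolution

  def call(resolution, _opts) do
    Absinthe.Resolution.put_result(resolution, {:error, "unauthenticated"})
  end
end
```

In the router, a pipeline that plugs `MyApp.GraphqlAuthPipeline` and then `MyAppWeb.Context` goes in front of the `Absinthe.Plug` route. Protected fields add `middleware MyAppWeb.Middleware.Authenticated` in the schema, and resolvers read the user from `resolution.context.current_user`.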