I’m in the process of changing over my API from rest to using GraphQL. I’m really excited about this change but I haven’t been able to figure out authentication yet.
For the rest implementation, I’ve been using Guardian and that has worked great. I’m just piping each resource through the EnsureAuthenticated
module, like so:
REST AUTH
pipeline :authenticated do
plug(MyApp.AuthAccessPipeline)
end
scope "/api/v1", MyApp do
pipe_through([:api, :authenticated])
# AUTHENTICATED RESOURCES
end
With this implementation I’m able to grab the current_user
from the conn
like so:
def current_user(conn) do
user_id = Map.get(MyApp.Guardian.Plug.current_resource(conn), :id)
Repo.get!(User, user_id)
end
This is straightforward and it’s served me pretty well so far. I’d like to implement something similar with GraphQL but I’m not finding any documentation on how to tackle this problem.
I have seem some blog posts like this one: https://itnext.io/authenticating-absinthe-graphql-apis-in-phoenix-with-guardian-d647ea45a69a
It’s a pretty good article but it guides you to store the token within the DB (Something I don’t want to do). Does anybody know of any good tutorials or having any advice on how to authenticate a GraphQL API with Guardian? Thanks for any help!