GraphQL Authorization

A toolset for authorizing access to graph types for GraphQL.NET.

Provides the following packages:

Package	Downloads	NuGet Latest
GraphQL.Authorization

You can get all preview versions from GitHub Packages. Note that GitHub requires authentication to consume the feed. See here.

Usage

• Register the authorization classes in your DI container - IAuthorizationEvaluator, AuthorizationSettings, and the AuthorizationValidationRule.
• Provide a custom UserContext class that implements IProvideClaimsPrincipal.
• Add policies to the AuthorizationSettings.
• Apply a policy to a GraphType or Field (which implement IProvideMetadata) using AuthorizeWith(string policy).
• Make sure the AuthorizationValidationRule is registered with your Schema (depending on your server implementation, you may only need to register it in your DI container)
• The AuthorizationValidationRule will run and verify the policies based on the registered policies.
• You can write your own IAuthorizationRequirement.
• Use GraphQLAuthorize attribute if using Schema First syntax.

Examples

1. Fully functional basic Console sample.

2. Fully functional ASP.NET Core sample.

3. GraphType first syntax - use AuthorizeWith.

public class MyType : ObjectGraphType
{
    public MyType()
    {
        this.AuthorizeWith("AdminPolicy");
        Field<StringGraphType>("name").AuthorizeWith("SomePolicy");
    }
}

3. Schema first syntax - use GraphQLAuthorize attribute.

[GraphQLAuthorize(Policy = "MyPolicy")]
public class MutationType
{
    [GraphQLAuthorize(Policy = "AnotherPolicy")]
    public async Task<string> CreateSomething(MyInput input)
    {
        return Guid.NewGuid().ToString();
    }
}

Known Issues

• It is currently not possible to add a policy to Input objects using Schema first approach.