GraphQL Auth
This gem provides an authentication mechanism on a GraphQL API. It use JSON Web Token (JWT) and Devise logic.
Installation
Add this line to your application's Gemfile:
gem 'graphql-auth'
And then execute:
$ bundle
Or install it yourself as:
$ gem install graphql-auth
Then run the installer to create graphql_auth.rb
file in your initializers folder.
rails g graphql_auth:install
Make sure to read all configurations present inside the file and fill them with your own configs.
Devise gem
Use Devise with a User model and skip all route
Rails.application.routes.draw do
devise_for :users, skip: :all
end
Usage
Make 'JWT_SECRET_KEY' and 'APP_URL' available to ENV
JWT_SECRET_KEY=
APP_URL=
Make sure the Authorization
header is allowed in your api
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*',
headers: %w(Authorization Expires RefreshToken),
methods: :any,
expose: %w(Authorization Expires RefreshToken),
max_age: 600
end
end
Make sure to include Graphql::AuthHelper
in your GraphqlController
. A context method returning the current_user will be available
class GraphqlController < ActionController::API
include Graphql::AuthHelper
def execute
variables = ensure_hash(params[:variables])
query = params[:query]
operation_name = params[:operationName]
result = ::GraphqlSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
render json: result
...
Make sure to implement GraphqlAuth
in your MutationType
to make auth mutations available
class Types::MutationType < Types::BaseObject
implements ::Types::GraphqlAuth
end
Customization
If you can to customize any mutation, make sure to update the configurations
GraphQL::Auth.configure do |config|
# config.token_lifespan = 4.hours
# config.jwt_secret_key = ENV['JWT_SECRET_KEY']
# config.app_url = ENV['APP_URL']
# config.user_type = '::Types::Auth::User'
# Devise allowed actions
# Don't forget to enable the lockable setting in your Devise user model if you plan on using the lock_account feature
# config.allow_sign_up = true
# config.allow_lock_account = false
# config.allow_unlock_account = false
# Allow custom mutations for signup and update account
# config.sign_up_mutation = '::Mutations::Auth::SignUp'
# config.update_account_mutation = '::Mutations::Auth::UpdateAccount'
end
Development
After checking out the repo, run bin/setup
to install dependencies. You can also run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in graphql-auth.gemspec
, and then run bundle exec rake release
, which will create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/o2web/graphql-auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
License
The gem is available as open source under the terms of the MIT License.
Code of Conduct
Everyone interacting in the GraphQL Auth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.