graphql.github.io

Schema Diffing for Authorization

Open rijulg opened this issue 6 years ago • 0 comments

After briefly discussing this approach in GraphQL-spec (https://github.com/graphql/graphql-spec/issues/592), I realized that this should instead be added as a best practice and not necessarily be part of the spec. Since the initial RFC, I have also added this information to "graphql-rules", available here: https://graphql-rules.com/rules/authorization-schema-diffing (https://github.com/graphql-rules/graphql-rules/pull/13)

As of now, graphql.org suggests a single method of authorization; however, in practice I have had to implement a different approach to address various concerns, which I have discussed in the links mentioned before.

The schema diffing approach can be likened to an API Gateway implementation of authorization and has its benefits; as such, I suggest that we include this approach in the knowledge base so that it can be more widely used and discussed.

rijulg, Jul 11 '19 06:07