How to use GraphQL Shield with Apollo Server to authorize JWTs

GraphQL Shield is a nice library for centralizing your authorization rules. But how do you use it with Apollo Server? Let’s see. For example, suppose I want to authorize requests according to the information carried in a JWT.

1. Install graphql-middleware

npm i graphql-middleware

2. Get the auth info from the JWT

const createContext = ({ req }) => {
  const { headers } = req;
  let auth = null;
  // parse the Authorization header (verify the JWT) and assign the result to `auth`;
  // leave it null when no valid token was presented

  // put the auth info into the context so the rules can read ctx.auth
  return { auth };
};

3. Create a simple rule for one of your GraphQL paths

For instance, I want to require authentication on the posts query:

import { rule, shield } from "graphql-shield";

// "contextual" caches the result per request, since it depends only on ctx
const isAuthenticated = rule({ cache: "contextual" })(
  async (parent, args, ctx, info) => ctx.auth !== null
);

const permissions = shield({
  Query: {
    posts: isAuthenticated
  }
});

4. Apply to Apollo server

Use graphql-middleware to combine your schema with the permissions you just created.

import { ApolloServer } from "apollo-server";
import { applyMiddleware } from "graphql-middleware";
import { schema } from "./schema";
// assumed module paths for the code written in steps 2 and 3
import { createContext } from "./context";
import { permissions } from "./permissions";

new ApolloServer({
  // wrap the executable schema so every resolver passes through the shield rules
  schema: applyMiddleware(schema, permissions),
  context: createContext
}).listen({ port: 4000 }, () =>
  console.log(
    `🚀 Server ready at: http://localhost:4000\n⭐️ See sample queries: http://pris.ly/e/ts/graphql-apollo-server#5-using-the-graphql-api`
  )
);

5. End

It just works! Thanks.

Thanks for reading!

Follow me (albertgao) on Twitter, if you want to hear more about my interesting ideas.