Skip to content

JWT scope verification based on query or mutation in the body #11

New issue
New issue
Open
Open
JWT scope verification based on query or mutation in the body#11
Labels
enhancementhelp wanted
@stevehu

Description

@stevehu
stevehu
opened on Mar 28, 2017

Now the graphql-security only verify the signature of the JWT token and checks if the token is expired. Given there is no OpenAPI specification to defined the scope for each endpoint. Actually, we only a single endpoint for graphql. In order to control who can run query and who can run mutation, we can parse the body to check the request type and then apply seviceId.r or serviceId.w to each request. This is based on the convention instead of specification. Also, this relies on a parser of body to work.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    enhancementhelp wanted

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions