{"id":18926199,"url":"https://github.com/graph-quilt/graphql-authorization-java","last_synced_at":"2025-10-07T02:16:05.668Z","repository":{"id":40259135,"uuid":"434718813","full_name":"graph-quilt/graphql-authorization-java","owner":"graph-quilt","description":"This library enables access control for accessing types and fields when making a GraphQL request.","archived":false,"fork":false,"pushed_at":"2025-07-12T01:12:37.000Z","size":245,"stargazers_count":22,"open_issues_count":2,"forks_count":7,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-08-30T09:37:39.083Z","etag":null,"topics":["abac","access-control","authorization","federation","graphql","hacktoberfest","hacktoberfest2023"],"latest_commit_sha":null,"homepage":"https://graph-quilt.github.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/graph-quilt.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-12-03T20:00:58.000Z","updated_at":"2024-03-04T14:08:48.000Z","dependencies_parsed_at":"2023-01-29T22:30:59.036Z","dependency_job_id":"382f912d-4c68-400e-a43e-de08961aaa6f","html_url":"https://github.com/graph-quilt/graphql-authorization-java","commit_stats":{"total_commits":76,"total_committers":6,"mean_commits":"12.666666666666666","dds":0.4342105263157895,"last_synced_commit":"2fec08f53019ee087047b3192739b42821dcb798"},"previous_names":["intuit/graphql-authorization-java"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/graph-quilt/graphql-authorization-java","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graph-quilt%2Fgraphql-authorization-java","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graph-quilt%2Fgraphql-authorization-java/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graph-quilt%2Fgraphql-authorization-java/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graph-quilt%2Fgraphql-authorization-java/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/graph-quilt","download_url":"https://codeload.github.com/graph-quilt/graphql-authorization-java/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graph-quilt%2Fgraphql-authorization-java/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278708004,"owners_count":26031932,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","access-control","authorization","federation","graphql","hacktoberfest","hacktoberfest2023"],"created_at":"2024-11-08T11:14:58.107Z","updated_at":"2025-10-07T02:16:05.650Z","avatar_url":"https://github.com/graph-quilt.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n![graphql-authorization-java](./graphql-authorization-java.png)\n\n\u003c/div\u003e\n\n\u003cdiv style=\"text-align: center;\"\u003eA powerful library for securing a GraphQL service using attribute level access control. \u003c/div\u003e\n\n-----\n\n![Master Build](https://github.com/graph-quilt/graphql-authorization-java/actions/workflows/main.yml/badge.svg)\n\n\n## Introduction\n\nThis library enforces access control on GraphQL queries by checking for allowed types and fields. A GraphQL query that \nhas access to some of the requested fields/types will return:\n* Requested fields it has access to\n* Authorization Error message for the fields it does not have access to. You can customize the error message by over-riding the\n`getErrorMessage` method in the `ScopeProvider` interface. \n \n```json lines\n \"errors\": [\n {\n \"message\": \"403 - Not authorized to access field=accountId of type=AccountType\",\n ...\n },\n```\n\n## Getting Started \n\n#### Maven coordinates:\n\n```xml\n \u003cdependency\u003e\n \u003cgroupId\u003ecom.intuit.graphql\u003c/groupId\u003e\n \u003cartifactId\u003egraphql-authorization-java\u003c/artifactId\u003e\n \u003cversion\u003e${latest.version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n### Usage\n\n* Implement the AuthzClientConfiguration interface and provide the configuration for initialization. The configuration contains\n mappings of scopes represented by `id` to the `list of Queries` allowed by that `id`. The id can also represent clientids, \n userids, scopes or roles.\n\n* Add the AuthzInstrumentation defined in the library as an instrumentation when you create your GraphQL Instance. More on\n [graphql-java instrumentation](https://www.graphql-java.com/documentation/instrumentation/)\n \n If dgs framework is used, add the AuthzInstrumentation as a bean in the configuration class.\n\n* The library provides a default implementation of the ScopeProvider interface. The default implementation uses the request-context\n to fetch the list of scopes associated with the request. The default implementation can be over-ridden by providing a custom\n implementation of the ScopeProvider interface.\n * Get scopes should be customized by overriding the `getScopes` method in the ScopeProvider interface.\n * Request-context information would be available at execution time. Request-context would have headers and that could be used\n to fetch the list of scopes associated with the request.\n * Error Message could be customized by overriding the `getErrorMessage` method in the ScopeProvider interface.\n \n* AuthZlistener is an optional interface that can be implemented to listen to the authorization events. The listener can be used\n to log the authorization events or to send the events to a monitoring system. The listener can be added to the instrumentation\n by providing an implementation of the AuthzListener interface.\n \n* AuthorizationExtensionProvider is an optional interface that can be implemented to provide custom authorization extensions.\n The extensions can be used to add custom authorization logic. The extensions can be added to the instrumentation by providing\n an implementation of the AuthorizationExtensionProvider interface.\n\n ```java\n GraphQL.newGraphQL(schema)\n .instrumentation(new AuthzInstrumentation(authzClientConfiguration, schema, scopeProvider,authzListener, authorizationExtensionProvider))\n .build();\n ```\n### Example Implementation\n\nPlease refer to the [example service](https://github.com/graph-quilt/example-subgraphs/tree/main/name-service) where this library was used to\nimplement user permissions with userids. \n\n### Contributing\n\nRead the [Contribution guide](./.github/CONTRIBUTING.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraph-quilt%2Fgraphql-authorization-java","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgraph-quilt%2Fgraphql-authorization-java","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraph-quilt%2Fgraphql-authorization-java/lists"}