{"id":23002676,"url":"https://github.com/treedomtrees/mercurius-auth-opa","last_synced_at":"2025-08-14T01:31:31.974Z","repository":{"id":244952475,"uuid":"812927937","full_name":"treedomtrees/mercurius-auth-opa","owner":"treedomtrees","description":"Mercurius Auth directive using Open Policy Agent","archived":false,"fork":false,"pushed_at":"2024-07-23T13:59:05.000Z","size":23,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-29T16:43:34.499Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@treedom/mercurius-auth-opa","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/treedomtrees.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-10T07:09:50.000Z","updated_at":"2024-07-23T13:58:35.000Z","dependencies_parsed_at":"2024-06-20T21:26:46.938Z","dependency_job_id":"54037aeb-b9dd-45d9-8e49-006d54afe3a3","html_url":"https://github.com/treedomtrees/mercurius-auth-opa","commit_stats":null,"previous_names":["treedomtrees/treedom-mercurius-auth-opa"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treedomtrees%2Fmercurius-auth-opa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treedomtrees%2Fmercurius-auth-opa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treedomtrees%2Fmercurius-auth-opa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treedomtrees%2Fmercurius-auth-opa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/treedomtrees","download_url":"https://codeload.github.com/treedomtrees/mercurius-auth-opa/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":229790986,"owners_count":18124607,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-15T07:11:59.156Z","updated_at":"2024-12-15T07:11:59.762Z","avatar_url":"https://github.com/treedomtrees.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# @treedom/mercurius-auth-opa\n\n\u003ca href=\"https://www.treedom.net/it/organization/treedom/event/treedom-open-source?utm_source=github\"\u003e\u003cimg src=\"https://badges.treedom.net/badge/f/treedom-open-source?utm_source=github\" alt=\"plant-a-tree\" border=\"0\" /\u003e\u003c/a\u003e\n\nMercurius Auth OPA is a plugin for Mercurius that adds an Authentication and Authorization directive using Open Policy Agent\n\n__Made with ❤️ at\u0026nbsp;\u0026nbsp;[\u003cimg src=\"https://assets.treedom.net/image/upload/manual_uploads/treedom-logo-contrib_gjrzt6.png\" height=\"24\" alt=\"Treedom\" border=\"0\" align=\"top\" /\u003e](#-join-us-in-making-a-difference-)__, [join us in making a difference](#-join-us-in-making-a-difference-)!\n\n## Usage\n\n```typescript\nimport { opaAuthPlugin } from \"@treedom/mercurius-auth-opa\";\nimport { opaAuthDirective } from \"@treedom/mercurius-auth-opa/opaAuthDirective\";\n\nconst schema = `#graphql\n  ${opaAuthDirective}\n\n  type Query {\n    ping(message: String!): String! @opa(path: \"my/opa/policy\", options: { ... })\n  }`\n\napp.register(mercurius, {\n  schema,\n  resolvers: {\n    Query: {\n      ping: (source, args) =\u003e args.message,\n    },\n  },\n})\n\napp.register(opaAuthPlugin, {\n  opaEndpoint: 'https://my.opa.endpoint',\n})\n```\n\n## OPA policy input\n\nThis plugin queries OPA providing the following properties as `input`\n\n- `headers` the Fastify headers object\n- `parent` the Mercurius parent object of the field/object which got queried\n- `args` the Mercurius args object of the field/object which got queried\n- `options` static untyped properties defined in the directive arguments _(optional)_\n\n### Example Rego Policy\n\nLet's imagine a GraphQL server which accept requests authorized using JWTs containing the `role` property in their claims.\nThe following Rego uses a hypotetical `oidc.verify_token` that validates the JWT signature and returns the token claims\nor false if the token is not valid.\n\n```rego\npackage my.opa.policy\n\nimport rego.v1\nimport data.oidc\n\ndefault allow := false\n\nallow if {\n    user := oidc.verify_token(input.headers.authorization)\n\n    user\n    user.role = \"admin\"\n}\n```\n\n## Custom directive\n\nThe authorization directive can be customized registering a custom one in the schema and specifying its name in the plugin configuration\n\n```graphql\nscalar OpaOptions\ndirective @policy(path: String!, options: OpaOptions) on OBJECT | FIELD_DEFINITION\n```\n\n```typescript\napp.register(opaAuthPlugin, {\n  // ...\n  authDirective: 'policy'\n})\n```\n\n```typescript\napp.register(opaAuthPlugin, {\n  // ...\n  opaOptions: {\n    // ...\n  }\n})\n```\n\n## 🌳 Join Us in Making a Difference! 🌳\n\nWe invite all developers who use Treedom's open-source code to support our mission of sustainability by planting a tree with us. By contributing to reforestation efforts, you help create a healthier planet and give back to the environment. Visit our [Treedom Open Source Forest](https://www.treedom.net/en/organization/treedom/event/treedom-open-source) to plant your tree today and join our community of eco-conscious developers.\n\nAdditionally, you can integrate the Treedom GitHub badge into your repository to showcase the number of trees in your Treedom forest and encourage others to plant new ones. Check out our [integration guide](https://github.com/treedomtrees/.github/blob/main/TREEDOM_BADGE.md) to get started.\n\nTogether, we can make a lasting impact! 🌍💚\n\n## Contributing\n\nContributions are welcome! Please read the contributing guidelines before submitting a pull request.\n\n## License\n\nThis project is licensed under the MIT License.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftreedomtrees%2Fmercurius-auth-opa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftreedomtrees%2Fmercurius-auth-opa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftreedomtrees%2Fmercurius-auth-opa/lists"}