https://github.com/autom8ter/oauth-graphql-ide

An oauth protected graphQL IDE
https://github.com/autom8ter/oauth-graphql-ide

graphql graphql-playground oauth2

Last synced: about 3 hours ago
JSON representation

An oauth protected graphQL IDE

• Host: GitHub
• URL: https://github.com/autom8ter/oauth-graphql-ide
• Owner: autom8ter
• License: apache-2.0
• Created: 2021-03-03T01:49:37.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2021-03-04T00:45:49.000Z (over 3 years ago)
• Last Synced: 2024-06-20T18:13:46.746Z (5 months ago)
• Topics: graphql, graphql-playground, oauth2
• Language: Go
• Homepage:
• Size: 40 KB
• Stars: 9
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# oauth-graphql-playground

An oauth2 protected [graphQL playground](https://github.com/graphql/graphql-playground)

## Features

- [x] Serves [GraphQL Playground](https://github.com/graphql/graphql-playground) user interface `/`

- [x] Login with [oauth authorization code grant](https://oauth.net/2/grant-types/authorization-code/)

    - automatically redirects the user to login if token is expired or cannot be refreshed

- [x] Serve local session-protected http proxy `/proxy` to a remote graphQL server/endpoint 

    - automatically adds authorization header with oauth bearer token to outbound request

- [x] Fully Configurable via environmental variables

- [x] Pluggable session management

    - [x] Cookie-based sessions

    - [ ] Redis-based sessions

- [x] Secure - token's are not accessible to browser javascript

## Installation

### Binary Release

Please see [releases](https://github.com/autom8ter/oauth-graphql-playground/releases/tag/v0.0.3) to download and add the program to your path directly

#### Using Containers

- Docker: `docker pull colemanword:oauth-graphql-playground:v0.0.3`

- [sample k8s manifest](k8s.yaml) 

- [sample docker compoase](docker-compose.yml)

## Environmental Variables

.env files are loaded if found in the same directory as oauth-graphql-playground

```

# enable debug logs

OAUTH_GRAPHQL_PLAYGROUND_DEBUG=true

# the port to serve on (default: 5000)

OAUTH_GRAPHQL_PLAYGROUND_PORT=5000

# the oauth2 client id

OAUTH_GRAPHQL_PLAYGROUND_CLIENT_ID=xxx-xxxx-xxxx-xxx

# the oauth2 client secret

OAUTH_GRAPHQL_PLAYGROUND_CLIENT_SECRET=xxx-xxxx-xxxx-xxx

# the redirect url the identity provider will send the user back to(this server)

OAUTH_GRAPHQL_PLAYGROUND_REDIRECT_URL=http://localhost:5000/oauth2/callback

# the oauth2 scopes to ask the user to consent to

OAUTH_GRAPHQL_PLAYGROUND_SCOPES=openid,email,profile

# the oauth2 authorization URL

OAUTH_GRAPHQL_PLAYGROUND_AUTHORIZATION_URL=https://accounts.google.com/o/oauth2/v2/auth

# the oauth2 token URL

OAUTH_GRAPHQL_PLAYGROUND_TOKEN_URL=https://oauth2.googleapis.com/token

# a JSON string used to configure the session manager. options: [cookies]

OAUTH_GRAPHQL_PLAYGROUND_SESSION_MANAGER={ "name": "cookies", "secret": "xxx-xxx-xxx" }

# use open id connect id token on outbound graphQL requests

OAUTH_GRAPHQL_PLAYGROUND_OPEN_ID=true

# the graphQL server to connect to (required)

OAUTH_GRAPHQL_PLAYGROUND_SERVER_ENDPOINT=http://localhost:8080/api/graphql

# CORS options

OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_ORIGINS=*

OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_METHODS=POST,GET,PUT,DELETE

OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_HEADERS=*

# TLS/HTTPS options

# OAUTH_GRAPHQL_PLAYGROUND_TLS_CERT_FILE=/tmp/certs/oauth-graphql-playground.cert

# OAUTH_GRAPHQL_PLAYGROUND_TLS_KEY_FILE=/tmp/certs/oauth-graphql-playground.key

```

## OAuth Providers

You will need to register an OAuth client application with an identity provider if you havent already.

Please note that your OAuth config should be setup as a "Web Application" with the "Authorization Code Grant" enabled.

You also may need to do additional configuration of your OAuth app depending on your configured scopes.

- [Google](https://support.google.com/googleapi/answer/6158849?hl=en)

    - token url: https://oauth2.googleapis.com/token

    - authorization url: https://accounts.google.com/o/oauth2/v2/auth

- [Microsoft Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow)

    - token url: https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token

    - authorization url: https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize

- [Okta](https://developer.okta.com/docs/guides/implement-oauth-for-okta/create-oauth-app/)

    - token url: todo

    - authorization url: todo

- [Auth0](https://auth0.com/docs/applications/set-up-an-application)

    - token url: todo

    - authorization url: todo

    

- [Facebook](https://developers.facebook.com/docs/facebook-login/)

    - token url: https://graph.facebook.com/v3.2/oauth/access_token

    - authorization url: https://www.facebook.com/v3.2/dialog/oauth

- [Slack](https://api.slack.com/legacy/oauth)

    - token url: https://slack.com/api/oauth.access

    - authorization url: https://slack.com/oauth/authorize

    

- [Github](https://github.com/settings/applications/new)

    - token url: https://github.com/login/oauth/access_token

    - authorization url: https://github.com/login/oauth/authorize