Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/o2web/graphql-auth

GraphQL authentication with JWT
https://github.com/o2web/graphql-auth

devise graphql jwt

Last synced: 3 months ago
JSON representation

GraphQL authentication with JWT

Host: GitHub
URL: https://github.com/o2web/graphql-auth
Owner: o2web
License: mit
Created: 2018-10-04T21:39:31.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2023-02-06T13:35:44.000Z (about 2 years ago)
Last Synced: 2024-08-09T11:44:07.801Z (6 months ago)
Topics: devise, graphql, jwt
Language: Ruby
Homepage:
Size: 132 KB
Stars: 26
Watchers: 5
Forks: 27
Open Issues: 11
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

awesome-graphql - graphql-auth - A JWT auth wrapper working with devise. (Libraries / Ruby Libraries)

README

# GraphQL Auth

[![Build Status](https://travis-ci.org/o2web/graphql-auth.svg?branch=master)](https://travis-ci.org/o2web/graphql-auth) [![Maintainability](https://api.codeclimate.com/v1/badges/7e2515bb59f0b205a603/maintainability)](https://codeclimate.com/github/o2web/graphql-auth/maintainability)
[![Downloads](https://img.shields.io/gem/dt/graphql-auth.svg)](https://rubygems.org/gems/graphql-auth)
[![Latest Version](https://img.shields.io/gem/v/graphql-auth.svg)](https://rubygems.org/gems/graphql-auth)

This gem provides an authentication mechanism on a GraphQL API. It use JSON Web Token (JWT) and Devise logic.

## Installation

Add this line to your application's Gemfile:

```ruby
gem 'graphql-auth'
```

And then execute:

$ bundle

Or install it yourself as:

$ gem install graphql-auth

Then run the installer to create `graphql_auth.rb` file in your initializers folder.

```
rails g graphql_auth:install
```

Make sure to read all configurations present inside the file and fill them with your own configs.

## Devise gem

Use Devise with a User model and skip all route

```ruby
Rails.application.routes.draw do
devise_for :users, skip: :all
end
```

## Usage

Make 'JWT_SECRET_KEY' and 'APP_URL' available to ENV

```
JWT_SECRET_KEY=
APP_URL=
```

Make sure the `Authorization` header is allowed in your api

```ruby
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*',
headers: %w(Authorization Expires RefreshToken),
methods: :any,
expose: %w(Authorization Expires RefreshToken),
max_age: 600
end
end
```

Make sure to include `Graphql::AuthHelper` in your `GraphqlController`. A context method returning the current_user will be available

```ruby
class GraphqlController < ActionController::API

include Graphql::AuthHelper

def execute
variables = ensure_hash(params[:variables])
query = params[:query]
operation_name = params[:operationName]
result = ::GraphqlSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
render json: result

...
```

Make sure to implement `GraphqlAuth` in your `MutationType` to make auth mutations available

```ruby
class Types::MutationType < Types::BaseObject
implements ::Types::GraphqlAuth
end
```

## Customization

If you can to customize any mutation, make sure to update the configurations

```ruby
GraphQL::Auth.configure do |config|
# config.token_lifespan = 4.hours
# config.jwt_secret_key = ENV['JWT_SECRET_KEY']
# config.app_url = ENV['APP_URL']

# config.user_type = '::Types::Auth::User'

# Devise allowed actions
# Don't forget to enable the lockable setting in your Devise user model if you plan on using the lock_account feature
# config.allow_sign_up = true
# config.allow_lock_account = false
# config.allow_unlock_account = false

# Allow custom mutations for signup and update account
# config.sign_up_mutation = '::Mutations::Auth::SignUp'
# config.update_account_mutation = '::Mutations::Auth::UpdateAccount'
end
```

## Development

After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `graphql-auth.gemspec`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/o2web/graphql-auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

## License

The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

## Code of Conduct

Everyone interacting in the GraphQL Auth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/o2web/graphql-auth/blob/master/CODE_OF_CONDUCT.md).