Authentication with GraphQL

Authentication with GraphQL is left up to the developer. The GraphQL spec does not define any protocols, interfaces, patterns or best practises for authenticating users — and I think that is a good thing.

I work on many projects that use GraphQL and I’ve come up with a pattern for Authentication that has worked really well in all of them. It might not be the best pattern for you, but it is certainly one of the simplest.

The client makes a query to a GraphQL sign-in field with the users email and password. The server then validates those credentials and if correct will pass back an encrypted session cookie that contains the corresponding users id.

Demo

and finally the source code is available here:

Related posts:

Summer is coming and we all know what that means: lazy afternoons at the pool, evening BBQs, the scent of sunscreen, the packing of suitcases, and the ever-growing pile of work that still has to be…

I live in Maryland. My insurance is expensive, $470.00 a month when I am put on my fathers policy (2 cars, 2 drivers). I use him on my policy because its cheaper. I have paid my and his insurance for…

People love to leave their mark in the world.Some are doctors and save lives everyday, some win Nobel prizes for extraordinary discoveries, and some fill the Earth with their genetic material —…