Standard practice for a GraphQL API is to use token-based authentication, commonly using JWT (JSON Web Tokens: https://jwt.io/). This would be implemented as part of the 'business logic', replacing, or complementing, the key-based authentication which, by contrast, adds a field to the schema. The library PyJWT provides the needed support to easily add token-based authentication; it can be extended to token-based authorization should roles be defined in the future. There are several simple design questions to be discussed, and conclusions will be summarized here.
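A sketch of the token flow described above using PyJWT, added here as an illustration and not taken from the VyOS code base. The function names, the claim set, the choice of HS256, the default secret length and the error strings are all assumptions.

```python
import secrets
import time

import jwt  # PyJWT (2.x API assumed)

ALGORITHM = "HS256"  # assumed; pinned so the token header cannot choose it


def new_secret(nbytes=32):
    """Generate a shared secret of nbytes random bytes, hex encoded."""
    return secrets.token_hex(nbytes)


def issue_token(secret, user, lifetime_s, now=None):
    """Sign a token for user that expires lifetime_s seconds after now."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "iat": now, "exp": now + lifetime_s}
    return jwt.encode(claims, secret, algorithm=ALGORITHM)


def check_token(secret, token):
    """Return (claims, None) on success or (None, message) on failure."""
    try:
        claims = jwt.decode(
            token,
            secret,
            algorithms=[ALGORITHM],             # reject any other algorithm
            options={"require": ["exp", "sub"]},  # a token without expiry is invalid
        )
    except jwt.ExpiredSignatureError:
        # Caught first: it is a subclass of InvalidTokenError.
        return None, "token has expired"
    except jwt.InvalidTokenError:
        # Bad signature, malformed token, missing claim, wrong algorithm.
        return None, "invalid token"
    return claims, None


if __name__ == "__main__":
    secret = new_secret()
    fresh = issue_token(secret, "alice", 60)
    stale = issue_token(secret, "alice", 60, now=int(time.time()) - 3600)
    print(check_token(secret, fresh))
    print(check_token(secret, stale))
    print(check_token(new_secret(), fresh))
```

A resolver would call `check_token` on the bearer token taken from the request context before running any query or mutation, and return the message to the client on failure.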
Description
Details
- Version: vyos-1.4
- Is it a breaking change?: Perfectly compatible
- Issue type: Feature (new functionality)
Related Objects
- Mentioned In
  - rVYOSONEX05b60b2dc6bd: graphql: T4574: add specific error message if token has expired
  - rVYOSONEXd70350f356c8: graphql: T4574: use Optional in func_sig
  - rVYOSONEX7038b761302b: graphql: T4574: reorganize directory structure for clarity
  - rVYOSONEX093ac258c118: graphql: T4574: call all schema definition generation on init
  - rVYOSONEXcbb72ad6d3f5: graphql: T4574: add interface definitions for authentication settings
  - rVYOSONEXaf56ddf46159: graphql: T4574: read config and generate schema with/without key auth
  - rVYOSONEXf76a6f68b08f: graphql: T4574: add mutation for requesting JWT token
  - rVYOSONEX28676844e3f4: graphql: T4574: add context to read token in queries/mutations
  - rVYOSONEXdc37f30a1273: graphql: T4574: set token expiration time in claims
  - rVYOSONEX8ed99cf86629: graphql: T4574: extend smoketest for token authentication
  - rVYOSONEX3db5ba8ef354: graphql: T4574: set byte length of shared secret from CLI
  - rVYOSONEX1265b15ffc8b: Merge pull request #1613 from jestabro/graphql-hybrid-auth
  - T4753: Extend automatic generation of schema to query SystemStatus
  - T4749: Use config_dict for conf_mode http-api.py