# orm-help
m
Hi there, does anyone have a good library or read on how to secure a yoga/prisma endpoint so that only authorized clients can read it? My background in building node/ts backends is limited. I know that the prisma boilerplate implements auth, but I need something much more basic just to limit access to my unauthorized clients. Should I just pass a key in the header and check against it in every request? Is there a lib that does something like that for me? Thanks
g
You probably want to look at using a JSON Web Token (JWT) for this. You would issue the tokens, and pass them in the header (using Bearer authorization).
a
@Moritz Good morning. It might be a little more complicated, but if you want to restrict access by permissions (hierarchy) using roles, you can look into GraphQL shield or GraphQL directives. lawjolla was kind enough to share this article he wrote, which is pretty neat. https://www.prisma.io/blog/graphql-directive-permissions-authorization-made-easy-54c076b5368e/
m
@aroman thank you very much, that looks quite interesting. It is a bit more than I am trying to achieve, but still good to look at. I also rediscovered this lib which I will probably use: https://github.com/maticzav/graphql-shield Great work there
a
Yup, I use stitching with graphql shield. Works like a beauty