Hello, using a GraphQL API gateway how would I handle authorization/permissions to microservices using schema stitching? I want the gateway to handle authorization without having to add tokens to each microservice

If the micro services are unreachable, you can run them open. But if they're reachable, you'll need some kind of token system between the gateway and the services.. even just hard coded

Yea I definitely need to pass down the token. Stitching is doing more than we needed (which is good). Apparently with the remoteSchema there’s no need to write the resolver again. I would love be able to wrap permission in our gateway (if I had access to the resolver). Unfortunately we need to funnel everything through the gateway into micro-services. The idea behind the gateway in our architecture was to handle all auth/permissions. Each micro-services has it’s own auroradb with prisma interface That being said, I will look into an authorization middleware and graphql directives.. Any recommendations?

In my set up, the gateway does the request authentication and permission, so the mircoservices have no responsibility other than serving the request. However, because they're online, the micro services authenticated the request from the gateway with a hard coded token. I'm fond of the article I wrote. 🙂 https://www.prisma.io/blog/graphql-directive-permissions-authorization-made-easy-54c076b5368e/

I will thank you very much man! I actually read this article before asking! It’s amazing writing thanks for that 😄 I will for ask if I have any questions

Thanks that's really nice of you!