WunderGraph builds on top of OpenID Connect for authentication. When a user is authenticated, we store all of their claims in a cookie.
When defining your GraphQL Operations, you can use the @fromClaim directive to access the user's claims and inject them into variables.
Here's an example:
We're injecting the email claim into the $email variable. Such variables are removed from the exported JSON RPC API. This means the user cannot set them manually; JSON Schema validation would prevent this automatically.
Additionally, applying the @jsonSchema directive to an operation will automatically enable an authentication check. So, the user must be authenticated to execute the operation.
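The behaviour described above, as a simplified model added here for illustration; it is not part of the original page and not WunderGraph's implementation. The operation in the comment, the `createPost` field, the claim values and all function names are hypothetical.

```javascript
// Simplified model, not WunderGraph's code. All names below are hypothetical.
// Operation as a developer might write it (constructed for illustration):
//   mutation ($email: String! @fromClaim(name: EMAIL), $message: String!) {
//     createPost(email: $email, message: $message) { id }
//   }
const operation = {
  requiresAuth: true, // the authentication check the page describes
  variables: {
    email: { type: "string", fromClaim: "email" },
    message: { type: "string" },
  },
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Exported input schema: claim-bound variables are removed, unknown keys rejected.
function publicInputSchema(op) {
  const properties = {};
  for (const [name, def] of Object.entries(op.variables)) {
    if (!def.fromClaim) properties[name] = { type: def.type };
  }
  return { type: "object", properties, required: Object.keys(properties), additionalProperties: false };
}

// Validator for only the JSON Schema subset used above.
function validate(schema, input) {
  for (const key of Object.keys(input)) {
    if (!own(schema.properties, key)) return `unexpected property "${key}"`;
  }
  for (const key of schema.required) {
    if (typeof input[key] !== schema.properties[key].type) return `invalid or missing "${key}"`;
  }
  return null;
}

// `claims` is null when the request carries no valid session cookie.
function resolveVariables(op, claims, input) {
  if (op.requiresAuth && !claims) return { status: 401, error: "authentication required" };
  const error = validate(publicInputSchema(op), input);
  if (error) return { status: 400, error };
  const variables = { ...input };
  for (const [name, def] of Object.entries(op.variables)) {
    if (!def.fromClaim) continue;
    if (!claims || !own(claims, def.fromClaim)) return { status: 401, error: `missing claim "${def.fromClaim}"` };
    variables[name] = claims[def.fromClaim]; // value comes from the session only
  }
  return { status: 200, variables };
}
```

A request that tries to supply `email` itself fails validation before any claim is injected, so the value passed to the upstream operation can only come from the session.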