WunderGraph builds on top of OpenID Connect for authentication. When a user is authenticated, we're storing all their claims in a cookie.
When defining your GraphQL Operations, you're able to use the
@fromClaim directive to access the claims of the user and inject them into variables.
Here's an example:
We're injecting the
Additionally, applying the
@jsonSchema directive to an operation will automatically enable an authentication check. So, the user must be authenticated to execute the operation.
Well known claims
WunderGraph supports the following well known claims:
WunderGraph also supports defining your custom claims and using them in the same as well known ones. First, define your custom claims when configuring your WunderGraph application:
Defining your custom claims allows to generate all the plumbing required to access them in a type-safe manner and get instant errors in your IDE if you accidentally misuse them.
Then use them in your operations to assign values to variables depending on the claim:
Additionaly, custom claims are also available in
User instances in both hooks and functions, under
Injecting claims into fields
@fromClaim accepts a second optional
on: argument that might be used to inject a value into an specific field. Given the following type:
We can use
@fromClaim to set the value of
Injecting multiple values
@fromClaim can be used multiple times on the same operation, injecting data into different fields. Additionally,
@fromClaim can be combined with other directives for injecting or manipulating data like