Authentication through auth and skipAuth directives
This page is currently under construction and expected to change. Please feel free to reach out to us directly in case you are having any troubles.
You can use the auth and skipAuth directives to control access to your GraphQL API. These
directives are used to enforce authentication and authorization rules on your supergraph.
You need to configure your gateway to use specific authentication rules in order to use these directives.
See here to configure Generic Auth plugin for GraphQL Mesh Serve
Granular field access by using schema field directive @auth
You can use the auth directive to enforce authentication rules on specific fields. This directive
can be used to restrict access to certain fields based on the viewer’s session.
You need to define the auth directive in your schema:
directive @auth on FIELD_DEFINITIONThen, you can use the auth directive to set authentication rules on fields:
type Query {
me: User! @auth
protectedField: String @auth
# publicField: String
}In order to use this directive, you need to configure Generic Auth plugin to use Granular field access by using schema field directives or field extensions in your GraphQL Mesh Gateway.
Exclude fields from authentication by using schema field directive @skipAuth
If you have completely protected supergraph but allow unauthenticated access for certain fields by annotating them.
You need to define the skipAuth directive in your schema:
directive @skipAuth on FIELD_DEFINITIONThen, you can use the skipAuth directive to exclude fields from authentication:
type Query {
me: User!
protectedField: String
publicField: String @skipAuth
}In order to use this directive, you need to configure Generic Auth plugin to use Complete Protection in your GraphQL Mesh Gateway.