Authentication in a GraphQL api
How I do it nowdays
There are many ways you can build a graphQL api. Today I want to touch a little on how to build authentication checks on your api, so you can ensure that only logged users are able to interact with it.
The two main options that came to my mind were:
- Create
SignupandLoginmutations - Have separate routes
/signupand/loginfor handling such.
Currently my preferred approach is to use the separate routes. The reasoning behind it is very simple:
Doing it this way, I can check for authentication before the user is able to use any mutation/query on my graphql endpoint and that simplifies the authorization aspect quite a bit.