As it says in the GraphQL documentation: “Delegate authorization logic to the business logic layer.” Is that really everything you need to know? This advice is coming from a good place, but it relies on you knowing how you would go about doing authorization in the first place – and this isn’t a widely solved problem! On top of that, many of the approaches used in traditional applications don’t quite carry over.
In this talk, you get a deep dive on common authorization patterns in GraphQL.
Meet the Speakers