Thanks for checking out my talk "Becoming a Secret Agent: Securing Your GraphQL APIs with JWTs." I hope you found it helpful!
You can find the most recent (2021) version of the slides on Speaker Deck here.
Here's the recording of the previous version of this talk I gave at GraphQL Asia 2020:
I've also got a full-stack example of this using Apollo and Auth0 that you can check out, too:
Lastly, here's a pile of resources I used to build this talk:
- Hasura: JWTs on the Frontend
- Dotan Simha: Authentication and Authorization in GraphQL (and how GraphQL-Modules can help)
- Ryan Chenkie: Handling Authentication and Authorization in GraphQL
- Kim Maida: Standards-based authentication for JavaScript sites
- Ryan Chenkie: Supercharge Your Schemas with Custom Directives
- Sam Bellen: Knock knock, who's there? Authenticating your single page apps using JSON Web Tokens
- Auth0's Learn Identity with Vittorio Bertocci
- GraphQL Patterns Podcast: Authorization
- Auth0 Node QuickStart
- Roy Derks: Build and Secure a GraphQL Server with Node.js
- node-jsonwebtoken
- Hasura Docs: JWT Auth
- GraphQL Modules Docs: Resolvers Composition
- Auth0 Docs: JWKS
- express-jwt
- graphql-middleware
- Prisma Blog: GraphQL Middleware
- GraphQL Spec: Directives
- Apollo Docs: Schema Directives
If you'd like to keep in touch, follow me on Twitter and sign up for my Developer Microskills newsletter below.