Universal Authentication and Authorization with AuthGuardian

AuthGuardian allows developers to easily and visually describe the auth rules for our app, API, or service.

In just a few minutes, we can use it to:

  • Set a user's username to their GitHub login
  • Set a user's email to their Spotify email
  • Set a user's Hasura role based on their GitHub organizations
  • Set a user's Netlify role based on their Salesforce email domain
  • Set a user's discount based on their GitHub commits to a repository

The generated JWTs (JSON Web Tokens) can be used with any service that supports JWTs!

Check out our introductory video on AuthGuardian.


AuthGuardian Rules

At its core, AuthGuardian is a set of rules, each of which has two parts:

  1. Conditions: The guards for this rule, each of which must be true in order to pass.
  2. Effects: The changes to make to the token.

We can read each rule as a sentence:

Rule 1: Has this user contributed a pull request to the OneGraph organization on GitHub?

If so, then set the user.discount property to 0.1 AND set their user.id to the built-in value of GITHUB_USER_ID.

Rule 2: Is this user logged into Spotify?

If so, then set the user.email property to the built-in value of SPOTIFY_EMAIL.

When we ask our users to log into any service, all of these rules will run, and any that pass will have their effects added to the JWT.

If the user has contributed a pull request to any OneGraph repository on GitHub, and they're logged into Spotify, then the generated token would be:

{
  "iss": "OneGraph",
  "aud": "https://serve.onegraph.com/dashboard/app/00000000-0000-0000-0000-000000000000",
  "iat": 1577836459,
  "exp": 1577922859,
  "user": {
    "id": 42,
    "email": "ilovespotify@gmail.com",
    "discount": 0.1
  }
}
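
The evaluation described above can be modeled in a few lines. This is an added example, not OneGraph's code: `BUILT_INS`, `RULES`, `setPath`, `buildClaims` and the shape of the `ctx` object (including `pullRequestOrgs`) are hypothetical names chosen for illustration, and the sample inputs are constructed to match the token shown above.

```javascript
// Model of AuthGuardian rule evaluation (illustrative; not OneGraph's implementation).
// Built-in values are resolved from the services the user is logged into.
const BUILT_INS = {
  GITHUB_USER_ID: (ctx) => ctx.github && ctx.github.userId,
  SPOTIFY_EMAIL: (ctx) => ctx.spotify && ctx.spotify.email,
};

// The two rules from the text: conditions are guards, effects are token changes.
const RULES = [
  {
    name: "Rule 1",
    conditions: [(ctx) => Boolean(ctx.github) && ctx.github.pullRequestOrgs.includes("OneGraph")],
    effects: [
      { path: "user.discount", value: 0.1 },
      { path: "user.id", builtIn: "GITHUB_USER_ID" },
    ],
  },
  {
    name: "Rule 2",
    conditions: [(ctx) => Boolean(ctx.spotify)],
    effects: [{ path: "user.email", builtIn: "SPOTIFY_EMAIL" }],
  },
];

// Set a dotted path such as "user.email" on the claims object.
function setPath(obj, path, value) {
  const keys = path.split(".");
  const last = keys.pop();
  let node = obj;
  for (const k of keys) node = node[k] = node[k] || {};
  node[last] = value;
}

// Run every rule; only rules whose conditions ALL hold contribute their effects.
function buildClaims(ctx, baseClaims, rules = RULES) {
  const claims = JSON.parse(JSON.stringify(baseClaims)); // never mutate the base
  for (const rule of rules) {
    if (!rule.conditions.every((cond) => cond(ctx))) continue;
    for (const e of rule.effects) {
      setPath(claims, e.path, e.builtIn ? BUILT_INS[e.builtIn](ctx) : e.value);
    }
  }
  return claims;
}

// Constructed sample input matching the token shown above.
const BASE = { iss: "OneGraph", aud: "https://serve.onegraph.com/dashboard/app/00000000-0000-0000-0000-000000000000", iat: 1577836459, exp: 1577922859 };
const bothServices = { github: { userId: 42, pullRequestOrgs: ["OneGraph"] }, spotify: { email: "ilovespotify@gmail.com" } };
const spotifyOnly = { spotify: { email: "ilovespotify@gmail.com" } };
```

With `spotifyOnly`, Rule 1 does not pass, so the token carries `user.email` but no `user.id` or `user.discount`; a service consuming the token should treat a missing claim as "rule did not pass" rather than assume it is present.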

Activating AuthGuardian

Once you've configured your rules, simply save them. You'll be prompted to activate them, and you're finished!

From now on, any user who logs into your application via onegraph-auth will have a token that follows all the rules you've declared.

Copyright © 2021 OneGraph