Generating JWT for authentication

Netlify allows you to control access to routes on a site according to roles in the visitor's JWT. AuthGuardian has built-in support for setting roles based on various criteria.

Netlify only supports shared-secret JWTs, so we'll have to set a JWT secret in both our Netlify site and our OneGraph app.

Note: If you're using OneGraph JWTs with other APIs like Hasura or node.js along with Netlify, you'll also need to change them to use the same shared secret.

Netlify's role-based access control may not be available on every account. Be sure to ask their support if you're trying to use it, and read more about it in their documentation.

Setting a shared secret on Netlify

In your site dashboard on Netlify,

  1. Navigate to Settings -> Access Control -> Visitor access
  2. Click Set JWT secret
  3. Enter a sufficiently long password

Set the shared JWT secret on your Netlify site

Setting a shared secret on OneGraph

Now we'll have to set the same shared secret in OneGraph so that the JWTs are signed for Netlify:

  1. Navigate to your app, then Auth Services -> JWT Settings
  2. Change Signature method to Shared secret
  3. Enter the exact same password you used for Netlify

Set the shared JWT secret on your OneGraph app

Note: Also be sure to add your Netlify site (and any custom domains) to the CORS list so users will be able to log in.

Configure your Netlify roles in AuthGuardian

Using AuthGuardian, we can easily control access to our Netlify site.

Consider the following example:

I have a sales dashboard on my Netlify site at /sales, but it has sensitive data that I pull from the Salesforce API.

I only want members of my sales team to be able to access the sales dashboard.

We can achieve that with a single AuthGuardian rule:

Add a 'sales' role on Netlify if the user belongs to my sales organization

And in our public/_redirects file we'll add the following restrictions:

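# Visitors whose JWT carries the 'sales' role set by the AuthGuardian rule are served /sales
/sales          200!    Role=sales
# Everyone else is sent to /login with a 401
/sales  /login  401!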

And that's it! Now anyone who tries to access /sales on our Netlify site must belong to our Salesforce organization!
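Before relying on the redirect rule, it helps to confirm locally that a token is signed with the shared secret and carries the role named in the `Role=` condition. The following is an added example, not OneGraph or Netlify code: it assumes the roles sit at `app_metadata.authorization.roles` (the claim path Netlify's role-based access control reads), and its function names, the 32-byte minimum for the secret (RFC 7518 for HS256) and the `exp` requirement are the example's own choices.

```python
import base64, hashlib, hmac, json, time

ROLE_PATH = ("app_metadata", "authorization", "roles")  # assumed claim path, see lead-in

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):  # used here only to construct sample tokens
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(mac(secret, head + '.' + body))}"

def roles_from_token(token, secret, now=None):
    """Return the roles of a valid token, or raise ValueError saying why not."""
    if len(secret) < 32:  # RFC 7518 section 3.2: HS256 keys must be >= 256 bits
        raise ValueError("shared secret is shorter than 32 bytes")
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(unb64url(head)), unb64url(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # alg is pinned, never taken from the token
    if not hmac.compare_digest(mac(secret, head + "." + body), given):
        raise ValueError("bad signature")
    node = json.loads(unb64url(body))  # claims are parsed only after the MAC checks out
    exp = node.get("exp") if isinstance(node, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    for key in ROLE_PATH:
        node = node.get(key, {}) if isinstance(node, dict) else {}
    return node if isinstance(node, list) else []

def may_access(token, secret, required_role):
    """Mirror of a Role= condition: True only for a valid token that has the role."""
    try:
        return required_role in roles_from_token(token, secret)
    except ValueError:
        return False

if __name__ == "__main__":
    secret = b"constructed-demo-secret-0123456789abcdef"  # constructed, not a real secret
    claims = {"exp": time.time() + 300, "app_metadata": {"authorization": {"roles": ["sales"]}}}
    print(may_access(sign_hs256(claims, secret), secret, "sales"))
```

A token signed with a different secret, an expired token, or one whose role does not match the `Role=` value all return `False` here, which is the quickest way to tell a secret mismatch between the two dashboards from a role misconfiguration.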

Copyright © 2021 OneGraph