Authentication
Example Code: https://github.com/nautilus/gateway/tree/master/examples/auth
This example showcases a typical approach to handling authentication and authorization behind a gateway. In this example, there are 2 services apart from the gateway itself. One service is in charge of user information (including their password) and the other handles a todo list. The intent is that a user logs in and can see their specific todo list.
The general flow goes something like:
- The user service defines a mutation called `loginUser` that checks whether the credentials are valid and responds with a token.
- Somehow (not shown here), the client holds onto this token and sends it with future requests to the gateway under the `Authorization` header.
- When the gateway receives a query, it looks for the token and, if it is present, sends the value as the `USER_ID` header when sending queries to the services.
- The other services use the header value to perform whatever user-specific logic is required.
- The current user can query for their User record with the `viewer` gateway field.
Keep in mind that this demo should not be taken as an example of a secure authorization system. Its purpose is just to illustrate how one can pass user-specific information on to the backing services.
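The gateway step of the flow above, written out as an added example (standard library only; it is not the nautilus example's own code). The demo forwards whatever token it finds straight through as `USER_ID`; this example goes one step further and assumes a signed `<userID>.<hmac>` token of its own, so that the gateway verifies the token before vouching for the user id, and it drops any `USER_ID` a client tried to supply directly.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"net/http"
	"strings"
)

// tag computes an HMAC under a constructed demo key. The example fixes no
// token format, so the "<userID>.<hex hmac>" layout used here is an assumption.
func tag(userID string) []byte {
	mac := hmac.New(sha256.New, []byte("demo-only-key"))
	mac.Write([]byte(userID))
	return mac.Sum(nil)
}

// signToken mints the token loginUser would return once credentials check out.
func signToken(userID string) string {
	return userID + "." + hex.EncodeToString(tag(userID))
}

// userIDFromToken verifies the tag in constant time and returns the user id.
func userIDFromToken(token string) (string, error) {
	id, sigHex, ok := strings.Cut(token, ".")
	sig, err := hex.DecodeString(sigHex)
	if !ok || err != nil || !hmac.Equal(sig, tag(id)) {
		return "", errors.New("malformed or forged token")
	}
	return id, nil
}

// forwardUserID is the gateway step: turn the client's Authorization header into
// the USER_ID header the backing services see. Any USER_ID the client set itself
// is dropped first, so services only ever see a value the gateway vouched for.
func forwardUserID(client, upstream http.Header) error {
	upstream.Del("USER_ID")
	auth := client.Get("Authorization")
	if auth == "" {
		return nil // anonymous request: no USER_ID is forwarded
	}
	id, err := userIDFromToken(strings.TrimPrefix(auth, "Bearer "))
	if err != nil {
		return err
	}
	upstream.Set("USER_ID", id)
	return nil
}
```

The todo service then reads only `USER_ID` and never the client's `Authorization` header, which keeps credential checking in one place.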
Running the example
To run the example, first start the services defined in `users.go` and `todo.go` by running `go run <file name>` from this directory. You'll have to run them in separate terminals. Then, in a third terminal, start `gateway.go` and visit http://localhost:4000, which should show you a playground to interact with.
User Credentials
In this example, there are 3 users (numbered 1, 2, 3) with credentials that take the form `username1`/`password1`. Each of them has a unique set of todo items.