This example showcases a typical approach to handling authentication and authorization behind a gateway. Apart from the gateway itself there are two services: one is in charge of user information (including passwords) and the other handles a todo list. The intent is that a user logs in and can then see their own todo list.

The general flow goes something like:

1. The user service defines a mutation called `loginUser` that checks whether the credentials are valid and responds with a token.
2. Somehow (not shown here), the client holds onto this token and sends it with future requests to the gateway under the
3. When the gateway receives a query, it looks for the token and, if it is present, sends the value as the `USER_ID` header when it queries the services.
4. The other services use the header value to perform whatever user-specific logic is required.
5. The current user can query for their User record with the `viewer` gateway field.

Keep in mind that this demo should not be taken as an example of a secure authorization system. Its purpose is only to illustrate how one can pass user-specific information on to the backing services.
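As an added illustration of steps 1 to 3 (not code from this example's own services), the following Go snippet shows a token `loginUser` could issue, the gateway verifying it, and the gateway deriving the `USER_ID` header from it rather than from anything the client sent. It assumes an HMAC-signed `<userID>.<mac>` token format and that the client sends the token in an `Authorization: Bearer` header; both are assumptions, not details from this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

// secret is a constructed demo key; a real gateway would load it from configuration.
var secret = []byte("demo-gateway-secret")

// sign computes HMAC-SHA256 over the user id with the gateway secret.
func sign(userID string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(userID))
	return mac.Sum(nil)
}
// IssueToken is the shape of token loginUser could return: "<userID>.<base64 HMAC>".
func IssueToken(userID string) string {
	return userID + "." + base64.RawURLEncoding.EncodeToString(sign(userID))
}
// UserIDFromToken verifies the MAC and returns the user id it protects.
func UserIDFromToken(token string) (string, error) {
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 {
		return "", fmt.Errorf("malformed token")
	}
	got, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || !hmac.Equal(got, sign(parts[0])) {
		return "", fmt.Errorf("bad token signature")
	}
	return parts[0], nil
}
// ForwardHeaders builds the headers the gateway attaches to service requests:
// only a verified token becomes USER_ID; a USER_ID set by the client is never copied.
func ForwardHeaders(in http.Header) http.Header {
	out := http.Header{}
	token := strings.TrimPrefix(in.Get("Authorization"), "Bearer ") // header name assumed
	if id, err := UserIDFromToken(token); err == nil {
		out.Set("USER_ID", id)
	}
	return out
}

func main() {
	in := http.Header{"Authorization": {"Bearer " + IssueToken("2")}}
	fmt.Println(ForwardHeaders(in).Get("USER_ID")) // prints 2
}
```

Because the services trust `USER_ID` unconditionally, they must only be reachable through the gateway; a service exposed directly would accept whatever `USER_ID` a caller chooses to send.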
## Running the example

To run the example, first start the services defined in `todo.go` by running `go run <file name>` from this directory. You'll have to run them in separate terminals.

Then, in a third terminal, start the gateway in `gateway.go` the same way and visit http://localhost:4000, which should show you a playground to interact with.

In this example, there are three users (numbered 1, 2, 3) with credentials that take the form `password1`. Each of them has a unique set of todo items.