File: modules/ROOT/pages/security/configuration.adoc
Lines changed: 5 additions & 15 deletions
@@ -5,12 +5,9 @@ The Neo4j GraphQL Library uses JSON Web Token (JWT) authentication.
5
5
JWTs are tokens containing claims or statements about the user or client making the request.
6
6
These claims can include information such as the user's ID or roles.
7
7
8
-
When a user or client logs in to the API, the API generates a JWT and returns it to the client.
9
-
The client then includes the JWT with each subsequent request to the API.
8
+
A JWT can be obtained from an authentication service and is then included in an API request.
10
9
The API verifies the JWT and returns the requested data if the JWT is valid.
11
10
12
-
// ^ is this paragraph accurate?
13
-
14
11
== Instantiation
15
12
16
13
The Neo4j GraphQL Library can accept two types of JWTs:
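Review bot: the replacement sentence ("A JWT can be obtained from an authentication service and is then included in an API request.") correctly drops the claim that the API itself generates tokens, so removing the `// ^ is this paragraph accurate?` marker is justified; however the surviving sentence "The API verifies the JWT and returns the requested data if the JWT is valid." still leaves the failure case implicit. Add the other half, stating what happens when the token is missing, expired or fails signature verification (for example that the request is treated as unauthenticated), so readers do not assume an invalid token is silently ignored.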
@@ -21,7 +18,6 @@ The Neo4j GraphQL Library can accept two types of JWTs:
21
18
=== Encoded JWTs
22
19
23
20
To use encoded JWTs, the library must to be configured with a key to decode and verify the tokens.
24
-
25
21
The following code block uses Apollo Server, extracts the `Authorization` header from the request and puts it in the appropriate context field:
26
22
27
23
[source, typescript, indent=0]
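Review bot: the context line "To use encoded JWTs, the library must to be configured with a key to decode and verify the tokens." carries a typo ("must to be" should read "must be"); since this hunk already touches the whitespace around that paragraph, fix it here rather than leaving it for a later pass.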
@@ -46,8 +42,6 @@ Optionally, if a custom decoding mechanism is required, that same header can be
46
42
47
43
To configure the library with a symmetric secret (e.g. "secret"), the following instantiation is required:
48
44
49
-
// ^ What is a symmetric secret? What is its purpose?
50
-
51
45
[source, typescript, indent=0]
52
46
----
53
47
new Neo4jGraphQL({
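Review bot: deleting `// ^ What is a symmetric secret? What is its purpose?` removes the question without answering it in the text. Add one sentence before the code block explaining that a symmetric secret is a single shared key which the token issuer uses to sign and the library uses to verify, so anyone holding it can mint tokens the library will accept, and make clear that the literal "secret" in the example is a placeholder to be replaced by a long random value read from configuration or a secret store rather than committed to source.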
@@ -62,9 +56,7 @@ new Neo4jGraphQL({
62
56
63
57
==== JWKS endpoint
64
58
65
-
To configure the library to verify tokens against a JWKS endpoint, for example "https://www.myapplication.com/.well-known/jwks.json", the following instantiation is required:
66
-
67
-
// ^ What is the purpose?
59
+
To configure the library to verify tokens against a JSON Web Key Set (JWKS) endpoint, for example "https://www.example.com/.well-known/jwks.json", the following instantiation is required:
68
60
69
61
[source, typescript, indent=0]
70
62
----
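Review bot: the `// ^ What is the purpose?` marker is removed but the purpose is still not stated. Add a sentence to the JWKS paragraph saying that a JWKS endpoint publishes the issuer's public verification keys, so the library can verify asymmetrically signed tokens without holding any signing secret and the issuer can rotate keys (each identified by its `kid`) without a redeploy of the API. Switching the example host to `example.com` is the right change; keep the URL quoting consistent with the symmetric-secret example above.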
@@ -82,7 +74,7 @@ new Neo4jGraphQL({
82
74
83
75
==== Passing in encoded JWTs
84
76
85
-
// This was at the end of the file, I thought it could be moved here instead. What about decoded JWTs?
77
+
// What about decoded JWTs?
86
78
87
79
To pass in an encoded JWT, use the token field of the context.
88
80
When using Apollo Server, extract the authorization header into the token property of the context:
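Review bot: `// What about decoded JWTs?` is kept as an editorial comment in the page source. Either answer it here (the page states the library accepts two types of JWTs, so a sibling paragraph on passing in decoded JWTs would close the gap) or drop the comment before merging, so unresolved author notes do not linger in the published source.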
@@ -153,7 +145,7 @@ You can use any name as long as it is decorated with the `@jwt` directive.
153
145
154
146
=== The `@jwtClaim` directive
155
147
156
-
A `roles` claim is not necessarily located at the JWT payload root, but can instead be in a nested location, for example:
148
+
A `roles` claim is not necessarily located at the JWT payload root, but can instead be in a nested location, for example under `myApplication`:
157
149
158
150
[source, json, indent=0]
159
151
----
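Review bot: now that the sentence names `myApplication` as the nesting key, check that the JSON payload in the following block and the path given to `@jwtClaim` in the directive example use exactly that key; otherwise the added wording points readers at a field the example does not contain.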
@@ -165,8 +157,6 @@ A `roles` claim is not necessarily located at the JWT payload root, but can inst
165
157
}
166
158
----
167
159
168
-
// ^ why is this a nested location? can we show the nesting?
169
-
170
160
In this case, use the `@jwtClaim` directive:
171
161
172
162
[source, graphql, indent=0]
@@ -199,6 +189,6 @@ type JWT @jwt {
199
189
200
190
[NOTE]
201
191
====
202
-
This way of escaping is necessary to escape twice: once for GraphQL and once for `dot-prop`, which is used under the hood to resolve the path.
192
+
The `path` must be escaped twice: once for GraphQL and once for `dot-prop`, which is used under the hood to resolve the path.
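Review bot: "The `path` must be escaped twice" reads better than the old wording, but the note still does not show what a twice-escaped path looks like. Add the concrete escaped form beside the directive example (the GraphQL string escape and the `dot-prop` escape applied in turn), since a path that is escaped only once silently fails to resolve the claim and the reader has no visible example to compare against.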