User authentication

The PR you point to has 3 kinds of checks in it:

  1. Guardian only access: Although it is an enterprise feature, ACL works at /graphql. Using ACL, you can set which users have what permissions on which predicates. Then you will need to log in the ACL user to get his JWT and supply the JWT at /graphql using the X-Dgraph-AccessToken header. That is one way to have DB level auth.

  2. Poor man’s auth: There is nothing concrete on Poor man’s auth for /graphql yet. If you would like to have Poor man’s auth on /graphql then please upvote the RFC for that.

  3. IP whitelisting: We haven’t yet felt a need to have IP whitelisting at /graphql, because this endpoint is supposed to be publicly exposed. If you think it would make sense to have IP whitelisting too at /graphql then please let us know your use case.