Getting Started with GraphQL Authentication
Learn how to implement authentication in GraphQL.
So far, we’ve only made a few design choices about how we’ll implement authentication. Now, let’s explore implementing a new mutation to authenticate a user and use server-side cookies to send an authentication token to a client making a request.
We’ll implement authentication on the backend. This process can be a bit involved, but we’ll go through it step by step:
- We define new mutations to log in and log out.
- We store password information for users in our database. (We store password hashes and not the passwords themselves, but we’ll cover this in more detail later.)
- We implement the `login` mutation to set a cookie and update our GraphQL server to read a JWT token from an incoming request.
- We restrict all other mutations to authenticated users.
This is quite a bit to go through, so we’ll implement all the prep work in this lesson and do the remaining steps in the following lessons.
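The flow in the steps above, as an added example that is not part of the original lesson: a `login` resolver checks a stored scrypt hash and sets an HttpOnly cookie carrying an HS256 JWT, the context builder reads the token back from the request, and `requireAuth` guards the other mutations. The user record, the cookie name `token`, the key handling and all function names are assumptions; only Node's built-in `crypto` module is used.

```javascript
const crypto = require("node:crypto");

// Assumption: one HS256 key per process; a real deployment loads it from a secret store.
const SECRET = crypto.randomBytes(32);
const b64 = (x) => Buffer.from(x).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Constructed sample user: only a salted scrypt hash is stored, never the password.
const salt = crypto.randomBytes(16);
const users = new Map([["alice", { id: "1", salt, hash: crypto.scryptSync("correct horse", salt, 32) }]]);

function signToken(sub, ttlSeconds = 3600) {
  const head = b64(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64(JSON.stringify({ sub, exp: Math.floor(Date.now() / 1000) + ttlSeconds }));
  return `${head}.${body}.${b64(mac(`${head}.${body}`))}`;
}

// Returns the claims, or null for a malformed, forged or expired token.
function verifyToken(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`); // always HMAC-SHA256; the header's alg is never trusted
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  return claims.exp > Date.now() / 1000 ? claims : null;
}

// login resolver: compare against the stored hash, then send the JWT in a server-side cookie.
function login(_parent, { username, password }, ctx) {
  const user = users.get(username);
  const attempt = crypto.scryptSync(password, user ? user.salt : salt, 32); // hash even for unknown users
  if (!user || !crypto.timingSafeEqual(attempt, user.hash)) throw new Error("Invalid credentials");
  ctx.res.setHeader("Set-Cookie",
    `token=${signToken(user.id)}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=3600`);
  return true;
}

// Context builder: read the JWT from the incoming request's Cookie header.
function buildContext(req, res) {
  const match = /(?:^|;\s*)token=([^;]+)/.exec(req.headers.cookie || "");
  return { res, user: match ? verifyToken(match[1]) : null };
}

// Wrap every other mutation resolver so unauthenticated callers are rejected.
const requireAuth = (resolver) => (parent, args, ctx) => {
  if (!ctx.user) throw new Error("Not authenticated");
  return resolver(parent, args, ctx);
};
```

`HttpOnly` keeps the token out of reach of page scripts, and `SameSite=Strict` stops the browser from attaching the cookie to cross-site requests.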
New schema
We’ll start by defining new mutations in our application. We add one mutation to log into our application and another mutation to log out.