This library contains a reusable module (AuthModule) with guards that can be used to protect other APIs and GraphQL resolvers.
Import and configure the AuthModule, example:
@Module({
imports: [
AuthModule.register({
audience: 'protected_resource',
issuer: 'https://localhost:6001',
jwksUri: 'http://localhost:6002/.well-known/openid-configuration/jwks',
}),
where audience
is the name your resource was registered under in IdS, issuer
the IdS url, and jwksUri
the IdS jwk endpoint (we probably won't need to configure this separately in the future).
Decorate the controller with @UseGuards
:
@UseGuards(IdsAuthGuard, ScopesGuard)
@Controller('clients')
export class ClientsController {
and individual protected methods with @Scopes
:
@Scopes('protected_resource/read', 'protected_resource/admin')
@Get(':id')
@ApiOkResponse({ type: Client })
async findOne(@Param('id') id: string): Promise<Client> {
If no @Scopes
are applied to a method, then no access control is enforced for that method.
Information about the logged in user can be obtained by adding @Req() request
as an input parameter to a controller method, and accessing request.user
.
Decorate the resolver with @UseGuards
:
@UseGuards(IdsAuthGuard, ScopesGuard)
@Resolver()
export class UserProfileResolver {
and individual protected methods with @Scopes
:
@Scopes('protected_resource/read', 'protected_resource/admin')
@Query(() => UserProfile, { nullable: true })
getUserProfile(
If no @Scopes
are applied to a method, then no access control is enforced for that method.
Information about the logged in user can be obtained by adding @CurrentUser() user
as an input parameter to a resolver method.