← Back Home

Authorization in the GraphQL era

More and more teams choose GraphQL as the transport protocol for their projects. Switching the paradigm brings many benefits but comes at the price of figuring out how to deal with the well-known problems in this new world. Let's talk about a particular one—access control organization.

In this talk, I'd like to discuss the differences between graph nodes and controller actions when dealing with user permissions, the pattern of crafting authentication, and authorization in Rails applications with GraphQL API and demonstrate the options we have in our ecosystem.