Auth

In this section you will learn more about how to secure your GraphQL API using Neo4j GraphQL’s inbuilt auth mechanics.

Using auth requires various APOC functions and procedures, one being apoc.util.validatePredicate that is not currently in Neo4j Aura. Run the checkNeo4jCompat method to ensure your Graph has all the requirements.

1. Preview

type Post @auth(rules: [
    { operations: [CREATE], isAuthenticated: true }
]) {
    title: String!
}

When you have production-style Auth the directive can get large and complicated. Use Extend to tackle this;

type Post {
    title: String!
}

extend type Post @auth(rules: [
    { operations: [CREATE], isAuthenticated: true }
])

You can use the directive on 'Type Definitions', as seen in the example above, you can also apply the directive on any field so as long as it’s not a @relationship;

type User {
    id: ID!
    name: String!
}

extend type User {
    password: String! @auth(rules: [
        {
            OR: [{ roles: ["admin"] }, { allow: { id: "$jwt.sub" } }]
        }
    ])
}