Session description
Adopting GraphQL federation creates a convenient place in your infrastructure to make authorization decisions:
- It comes early in the request lifecycle, before any subgraph.
- It has access to the whole client request, as well as the entirety of the federated graph.
- Authorization can still be the responsibility of the subgraph teams, or a cross-cutting concern.
This talk is about leveraging the special position of the federation gateway for authorization.
We'll cover the directives federation offers for authorization out of the box: `@authenticated`, `@requiresScopes`, `@policy`. To cover a more advanced use case, we'll explore how to implement fine-grained authorization that takes advantage of data from your federated graph, using extensions in the open-source Grafbase Gateway.