Craft GraphQL APIs in Elixir with Absinthe.png

graphql.tar.gz

Chapter_2_1_start

Chapter_2_2_object_Running_GraphQLServer

Chapter_2_2_object

Chapter_3_3_matching

Chapter_3_3_matching_GraphQiL

Chapter_4_2_Union_GraphQiL

Chapter_5_2_Create

Chapter_6_4-publish

Chapter_6_4-orderingapi

Chapter_7_5-default

Chapter_8_2-login

Chapter_8_3-context

Chapter_9_dataloader

Chapter_10_Start

Chapter_10_2_action

Chapter_10_3_put

Chapter_10_4_login

Chapter_10_5_History

Chapter_11_2_subsription

Chapter_11_1_start

Chapter_11_hybird

Chapter_11_Applo_Client

Chapter_11_1_start-Updated

Chapter11-2-HTTP-Subscription

Chapter11-2-HTTP-Relay-Subscription

GraphQL is an API query language that allows clients to ask for exactly what they need and nothing more makes it easier to evolve APIs over time.

This course is divided into three parts, Part 1- Build a GraphQL API, Part 2- Publish Your API, and Part-3 Use Your API. 

In the first part, you will cover topics ranging from basic GraphQL, Building GraphQL Schema, Taking User Input, Adding Flexibility, Making a Change with Mutations, and Going Live with Subscriptions.

In the second part, you will cover topics ranging from Resolution Middleware, Securing with Authentication and Authorization, and Tuning Resolution.

The third part will cover topics ranging from Driving Phoenix Actions with GraphQL, Integrating with the Frontend and GraphQL Types. Upon completing this course, you will have sufficient foundational knowledge of GraphQL, and you can build, publish and use your API in GraphQL.

Craft GraphQL APIs in Elixir with Absinthe

## Interesting challenges in authorization
While we’re on the subject, subscriptions pose some interesting challenges with respect to authorization. For example, we run into some trouble with the `new_order` field straight away because it uses a “`*`” topic.  Right now, every customer who subscribes is going to get pushed information about everyone else’s order. This might prove to be inconvenient.

Fixing this isn’t simply a matter of adding authorization middleware to the `new_order` field. Middleware runs when the document is executed, but the document won’t be executed until an actual order is placed and published. In other words, we’d still be letting clients create the subscription, but instead of an order, they’ll be `unauthorized` when an event happens. We want to scope `new_order` so that, when a customer creates a subscription, we only route that customer’s orders to that subscription.

Let’s capture this problem in a test case:


# Interesting challenges in authorization
While we’re on the subject, subscriptions pose some interesting challenges with respect to authorization. For example, we run into some trouble with the `new_order` field straight away because it uses a “`*`” topic.  Right now, every customer who subscribes is going to get pushed information about everyone else’s order. This might prove to be inconvenient.

Fixing this isn’t simply a matter of adding authorization middleware to the `new_order` field. Middleware runs when the document is executed, but the document won’t be executed until an actual order is placed and published. In other words, we’d still be letting clients create the subscription, but instead of an order, they’ll be `unauthorized` when an event happens. We want to scope `new_order` so that, when a customer creates a subscription, we only route that customer’s orders to that subscription.

Let’s capture this problem in a test case:


Learn how to authorize the subscription in GraphQL.

Subscriptions Authorization

Getting Started

Meet GraphQL

Building Schema of GraphQL

Taking User Input

Adding Flexibility

Making a Change with Mutations

Going Live with Subscriptions

Resolution Middleware

Securing with Authentication and Authorization

Tuning Resolution

Driving Phoenix Actions with GraphQL

Integrating with the Front-end

Conclusion

Subscriptions Authorization

Interesting challenges in authorization