Subscriptions Authorization
Explore how to implement authorization for GraphQL subscriptions in Elixir with Absinthe. Understand how to scope subscription topics to individual users, avoid unauthorized data exposure, and ensure real-time data publishing respects security boundaries. This lesson guides you through testing and adjusting topic design to secure subscription events effectively.
Interesting challenges in authorization
While we’re on the subject, subscriptions pose some interesting challenges with respect to authorization. For example, we run into some trouble with the new_order field straight away because it uses a “*” topic. Right now, every customer who subscribes is going to get pushed information about everyone else’s order. This might prove to be inconvenient.
Fixing this isn’t simply a matter of adding authorization middleware to the new_order ...
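The topic scoping described above, sketched as an added example; it is not the lesson's own code. The module names, the `:order` fields, the `current_user` context key, the role values, and the `customer:<id>` topic format are all assumptions. `ShopWeb.Endpoint` stands in for a Phoenix endpoint that uses `Absinthe.Phoenix.Endpoint`.

```elixir
# Added example. Every name except the new_order field is hypothetical.
defmodule ShopWeb.Schema do
  use Absinthe.Schema

  object :order do
    field :id, :id
    field :customer_id, :id
    field :state, :string
  end

  # Absinthe requires a root query type; this one is a stub.
  query do
    field :ping, :string do
      resolve fn _, _, _ -> {:ok, "pong"} end
    end
  end

  subscription do
    field :new_order, :order do
      # Weak form: one shared topic, so every subscriber sees every order.
      #   config fn _args, _info -> {:ok, topic: "*"} end

      # Scoped form: the topic is derived from the authenticated context
      # (assumed to be set when the socket connects), never from an
      # argument the client controls.
      config fn _args, %{context: context} ->
        case context[:current_user] do
          %{role: :customer, id: id} -> {:ok, topic: "customer:#{id}"}
          %{role: :employee} -> {:ok, topic: "*"}
          _ -> {:error, "unauthorized"}
        end
      end
    end
  end
end

defmodule Shop.OrderEvents do
  # Publish to the staff topic and to the owning customer's topic only.
  # Other customers' subscriptions sit on different topics and get nothing.
  def publish_new_order(%{customer_id: customer_id} = order) do
    Absinthe.Subscription.publish(ShopWeb.Endpoint, order,
      new_order: "*",
      new_order: "customer:#{customer_id}"
    )
  end
end
```

Because the publisher decides which topics receive an event, the check has to live in topic selection at subscribe time and publish time; a resolver-level check alone would run after the document was already registered on the shared topic.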