Context-based authentication helps check who you are before giving access to data. It keeps data safe by using information about the user or request.
const server = new ApolloServer({ typeDefs, resolvers, context: ({ req }) => { // Extract user info from request headers const user = getUserFromToken(req.headers.authorization); return { user }; } });
context function runs for every request and can add user info.context: ({ req }) => {
const user = getUserFromToken(req.headers.authorization);
return { user };
}context: () => ({
user: { id: '123', role: 'admin' }
})context: ({ req }) => {
const ip = req.ip;
return { ip };
}This GraphQL server checks the user's token from the request header. Only users with the 'admin' role can get the secret data. Others get errors.
const { ApolloServer, gql } = require('apollo-server'); const typeDefs = gql` type Query { secretData: String } `; const resolvers = { Query: { secretData: (parent, args, context) => { if (!context.user) { throw new Error('Not authenticated'); } if (context.user.role !== 'admin') { throw new Error('Not authorized'); } return 'Top secret info'; } } }; function getUserFromToken(token) { if (token === 'admin-token') { return { id: '1', role: 'admin' }; } else if (token === 'user-token') { return { id: '2', role: 'user' }; } return null; } const server = new ApolloServer({ typeDefs, resolvers, context: ({ req }) => { const token = req.headers.authorization || ''; const user = getUserFromToken(token); return { user }; } }); server.listen().then(({ url }) => { console.log(`Server ready at ${url}`); });
Always validate tokens carefully to avoid security risks.
Context runs for every request, so keep it fast and simple.
You can add more info to context like user permissions or request details.
Context-based authentication uses request info to check user identity.
It helps protect data by allowing only authorized users to access it.
Use the context function to add user info for resolvers to check.