Bird
Raised Fist0
GraphQLquery~30 mins

Federated authentication in GraphQL - Mini Project: Build & Apply

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Federated Authentication Setup with GraphQL
📖 Scenario: You are building a GraphQL API that supports federated authentication. This means users can log in using different identity providers like Google or Facebook. Your API needs to store user data and their authentication provider information in a database.
🎯 Goal: Create a simple GraphQL schema and resolver setup that stores user information along with their authentication provider. You will build the data structure, add a configuration for supported providers, implement the core logic to link users with providers, and complete the setup with a query to fetch user details.
📋 What You'll Learn
Create a GraphQL type User with fields id, name, and authProvider
Create a list called users to store user data
Add a configuration list supportedProviders with 'Google' and 'Facebook'
Implement a mutation addUser that adds a user only if the authProvider is supported
Implement a query getUser to fetch user details by id
💡 Why This Matters
🌍 Real World
Federated authentication is common in apps that allow users to log in using third-party accounts like Google or Facebook. This project simulates storing and managing such user data in a GraphQL API.
💼 Career
Understanding how to handle federated authentication and manage user data is essential for backend developers working on modern web applications with social login features.
Progress0 / 4 steps
1
Define User type and initial users list
Create a GraphQL type called User with fields id (ID!), name (String!), and authProvider (String!). Then create a list called users with two users: one with id: "1", name: "Alice", authProvider: "Google" and another with id: "2", name: "Bob", authProvider: "Facebook".
GraphQL
Hint

Define the User type with the three fields exactly as named. Then create the users list with two user objects matching the given details.

2
Add supported authentication providers configuration
Create a constant list called supportedProviders containing the strings "Google" and "Facebook".
GraphQL
Hint

Define the supportedProviders list exactly with the two provider names as strings.

3
Implement addUser mutation with provider check
Add a mutation resolver function called addUser that takes id, name, and authProvider as arguments. It should add a new user to the users list only if authProvider is included in supportedProviders. Use supportedProviders.includes(authProvider) to check support.
GraphQL
Hint

Inside the addUser mutation, check if authProvider is in supportedProviders. If yes, create a new user object and add it to users. Return the new user. Otherwise, return null.

4
Add getUser query to fetch user by id
Add a query resolver function called getUser that takes id as an argument and returns the user object from users with the matching id. Use users.find(user => user.id === id) to find the user.
GraphQL
Hint

In the Query resolver, add getUser that returns the user matching the given id from the users list.

Practice

(1/5)
1. What is the main benefit of federated authentication in GraphQL applications?
easy
A. It allows anonymous access without any login.
B. It stores all user passwords securely in the GraphQL server.
C. Users can sign in using trusted external accounts without managing passwords.
D. It requires users to create new passwords for each service.

Solution

  1. Step 1: Understand federated authentication purpose

    Federated authentication lets users log in using accounts from trusted external providers like Google or Facebook.

  2. Step 2: Identify the benefit in GraphQL context

    This avoids the need for users to create and remember new passwords for each app, improving security and convenience.

  3. Final Answer:

    Users can sign in using trusted external accounts without managing passwords. -> Option C

  4. Quick Check:

    Federated authentication = external login without passwords [OK]
Hint: Federated means login via trusted external accounts [OK]
Common Mistakes:
  • Thinking federated auth stores passwords locally
  • Confusing federated auth with anonymous access
  • Assuming it forces new passwords for each app
2. Which of the following is the correct way to include a federated authentication token in a GraphQL request header?
easy
A. "Token: Bearer <token>"
B. "Auth-Token: <token>"
C. "Bearer-Authorization: <token>"
D. "Authorization: Bearer <token>"

Solution

  1. Step 1: Recall standard token header format

    Federated authentication tokens are usually sent in the HTTP header as "Authorization: Bearer <token>".

  2. Step 2: Compare options to standard

    Only "Authorization: Bearer <token>" matches the standard format exactly.

  3. Final Answer:

    "Authorization: Bearer <token>" -> Option D

  4. Quick Check:

    Auth header = Authorization: Bearer token [OK]
Hint: Use 'Authorization: Bearer <token>' header format [OK]
Common Mistakes:
  • Using wrong header names like Auth-Token
  • Swapping 'Bearer' and 'Token' keywords
  • Adding extra words in header key
3. Given this GraphQL query with federated authentication token, what user information will be returned? 
query {
  currentUser {
    id
    email
    name
  }
}
Assuming the token identifies user with id=42, email='user@example.com', and name='Alice'.
medium
A. { "data": { "currentUser": { "id": null, "email": null, "name": null } } }
B. { "data": { "currentUser": { "id": 42, "email": "user@example.com", "name": "Alice" } } }
C. { "errors": [ { "message": "Unauthorized" } ] }
D. { "data": { "currentUser": null } }

Solution

  1. Step 1: Understand token identifies user

    The federated token corresponds to user with id=42, email='user@example.com', and name='Alice'.

  2. Step 2: Query requests currentUser fields

    The query asks for id, email, and name of the authenticated user, so these values will be returned.

  3. Final Answer:

    { "data": { "currentUser": { "id": 42, "email": "user@example.com", "name": "Alice" } } } -> Option B

  4. Quick Check:

    Token user info = query result [OK]
Hint: Token user data matches currentUser fields returned [OK]
Common Mistakes:
  • Expecting null or error despite valid token
  • Confusing error response with data
  • Assuming fields return null values
4. A developer tries to use federated authentication but gets an "Unauthorized" error. Which fix will most likely solve the problem?
medium
A. Add the token in the request header as "Authorization: Bearer <token>".
B. Remove the token from the request to allow anonymous access.
C. Change the query to request only public fields.
D. Use a different GraphQL query without authentication.

Solution

  1. Step 1: Identify cause of Unauthorized error

    Unauthorized usually means missing or invalid authentication token in the request.

  2. Step 2: Apply correct token header format

    Adding the token properly as "Authorization: Bearer <token>" header will authenticate the user and fix the error.

  3. Final Answer:

    Add the token in the request header as "Authorization: Bearer <token>". -> Option A

  4. Quick Check:

    Unauthorized error = missing or wrong token header [OK]
Hint: Always send token in Authorization header [OK]
Common Mistakes:
  • Removing token expecting anonymous access
  • Changing query without fixing auth
  • Using wrong header names or formats
5. You want to implement federated authentication in a GraphQL API that supports multiple identity providers (Google, Facebook, GitHub). Which approach best handles user identity across these providers?
hard
A. Map external provider user IDs to a single internal user ID in your database.
B. Create separate user records for each provider's user ID without linking.
C. Require users to manually link accounts after login.
D. Ignore provider IDs and use only email addresses to identify users.

Solution

  1. Step 1: Understand multi-provider federated auth challenge

    Users may log in via different providers but represent the same person, so linking identities is needed.

  2. Step 2: Choose best identity mapping strategy

    Mapping external provider IDs to a single internal user ID lets the system recognize the same user regardless of provider.

  3. Final Answer:

    Map external provider user IDs to a single internal user ID in your database. -> Option A

  4. Quick Check:

    Link multiple provider IDs to one internal user [OK]
Hint: Link all provider IDs to one internal user ID [OK]
Common Mistakes:
  • Creating separate users per provider causing duplicates
  • Relying only on email which may not be unique or verified
  • Forcing manual linking which hurts user experience