Authentication: Login/Logout + Accessing current User in Queries/Mutations

[CalaxDev]

Describe the issue

I've been looking through the Docs and I may have missed a pretty big part but - How is Authentication handled in Typy-Graphql?

For example Logging in/out (Sending Headers/JWT/etc from the frontend back to the server with each query), and how do we access the currently logged in user in a query to, for example, only show x data they're allowed to see (not based on roles, but maybe only Data they created), or in mutations to add a CreateBy/ChangeBy when creating or modifying some data through mutations?

[MichalLytek]

As in any other GraphQL library 😉 There are hundreds if articles about that

[CalaxDev]

As in any other GraphQL library 😉 There are hundreds if articles about that

I feel pretty stupid now, but I haven't found something that'd fit my needs/addresses this in a way Type-Graphql could handle; Can you maybe point me into the right direction here?

[MichalLytek]

What have you tried and what have you read about auth in graphql ecosystem?

[CalaxDev]

Whoops, I replied in the wrong place - Please find my answer below :)

[CalaxDev]

I know that I can authenticate for example via a JWT and through using some NodeJS Middleware I can inject the user object into my request object. The Client needs to send that JWT along with every request to the server.

Now I've read that part on JWTs on Authorization (https://typegraphql.com/docs/authorization.html) and that with the Authorization decorator can limit that only logged in users, and users with specific roles, can see/query specific fields.

Now the point I'm having trouble with is how to actually define a query and access my current User object, for example "req.user" inside a query.

  @Authorized()
  @Query()
  authedQuery(): string {
    const curUser = ???;
    return curUser.getNotesCreatedByCurrentUser();
  }

I'm still rather new to the GraphQL Ecosystem, so I'm at a blank on where to get my "curUser" object from.

[CalaxDev]

After taking another look at the examples, I found that you can use @Ctx() { user }: Context in a mutations parameters, probably also in query parameters.

This context however is statically created with a default user in the example.

Am I right in the assumption that if I use the following:

// Create a GraphQL server
const server = new ApolloServer({
  schema,
  context: ({ req }) => {
    const context = {
      req,
      user: req.user, // `req.user` comes from `express-jwt`
    };
    return context;
  },
});

I get the user object authenticated by my Express Middleware into my query through the use of @Ctx() { user }: Context?