data index service OIDC protection Graphql at domain objects level and as RO/RW roles for query/mutation/subscription Endpoint

[debu999]

With capability to custom generate graphql endpoints, is it possible to add different roles to different domain objects.
viz. in travel agency problem flight and ticket can the have different roles assigned to them. Similarly can we have different roles for query/mutation/subscription.

Smallrye Graphql has been upated to support this, how to achieve in data index service.
quarkusio/quarkus#10001

[debu999]

Any suggestion on this.

[debu999]

@evacchi can you guide, if we can have control on domain calls in data index and Authorization configuration

[debu999]

@nmirasch we need some traction to make the queries secured

[debu999]

@nmirasch @sberyozkin Need some collaboration on this.

[debu999]

@fjtirado @cristianonicolai can u let me know if we can have custom roles for given graphql query... Per domain object.

[ricardozanini]

@debu999 I don't think we have this out of the box, nor it's planned. Domain-level authorization might be tricky to get in the current architecture. IIRC, you can require authentication from the exposed endpoints, but not the data. If you know the query graphql data generated by Data Index, you may add authentication to it using Quarkus OIDC. @nmirasch can you also please clarify here? @debu999 if this is not relevant anymore, please let me know so I can close it.