GraphQL-Pouch let’s you use token based authentication with JSON Web Tokens (JWT) to secure your GraphQL-API.
To enable token based authorization use the --secret command line argument with a secure string. GraphQL-Pouch will use to sign and verify tokens. Shoukd you don’t want authorization, don’t set the --secret argument and GraphQL-Pouch will ignore authorization.
Example
graphql-pouch --secret mysupersecretTo create and sign a token, just use the --sign command line argument. You get back a token and their use within a client.
Example
graphql-pouch --sign mysupersecret------------------- as HTTP Header --------------------
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE0Njg5NTA5OTAsImF1ZCI6ImdyYXBocWwtcG91Y2gifQ.kznTAFKkBvKDM7GgQ-ltHx6Go-XsN_RgkoKh_G6hXr0
--------------- or as Query Parameter ---------------
?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE0Njg5NTA5OTAsImF1ZCI6ImdyYXBocWwtcG91Y2gifQ.kznTAFKkBvKDM7GgQ-ltHx6Go-XsN_RgkoKh_G6hXr0