Description
Is your feature request related to a problem? Please describe.
I want tailcall to handle authentication and provide the identity of the user to the underlying reflector's upstream.
Describe the solution you'd like
```graphql
schema
  @link(id: "auth-jwt1", type: Jwks, src: "jwks.json") {
  query: Query
}

type Query {
  me: User @http(url: "http://jsonplaceholder.typicode.com/user/{{.auth.auth-jwt1.sub}}") @protected
}
...
```
I'd like to have the auth data available in the context. For basic auth that would be the username and password; for the JWT that would be `sub` and other claims + signature metadata.
Also, it would be nice to be able to have an `@maybeProtected` directive (or something) that would allow the resource access regardless of whether or not the authentication was provided in the client request (as is for queries that may be resolved with or without auth - a good example would be something like ads where you can show something either way - but if the user is authenticated you can show personalized ads; p.s. I hate ads, but they are nonetheless a good example). Conceptual example:

```graphql
ads: [Ad] @http(url: "http://jsonplaceholder.typicode.com/ads/?for={{.auth.auth-jwt1.sub || null}}") @maybeProtected
```
Describe alternatives you've considered
Check the JWT / basic auth again at the upstream layer. Kind of defeats the purpose.
Additional context
This is what we do with our custom GraphQL API gateway implementation.
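
An added sketch of the behaviour requested above; it is not tailcall code and not part of the original issue. The names `sign`, `verify` and `resolve` are hypothetical, HS256 with a constructed shared key stands in for verification against `jwks.json` so that it runs on the standard library alone, and expiry checks are left out. It also assumes that `@maybeProtected` admits a request without credentials but still fails one whose token does not verify.

```python
import base64, hashlib, hmac, json, re
from urllib.parse import quote

KEY = b"constructed-demo-key"  # constructed; stands in for the keys in jwks.json
SUB = re.compile(r"\{\{\.auth\.auth-jwt1\.sub( \|\| null)?\}\}")
ME = "http://jsonplaceholder.typicode.com/user/{{.auth.auth-jwt1.sub}}"
ADS = "http://jsonplaceholder.typicode.com/ads/?for={{.auth.auth-jwt1.sub || null}}"

class AuthError(Exception):
    """Missing, malformed or unverifiable credentials."""

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _mac(head, body):
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims):
    """Mint a constructed HS256 token for the demo."""
    head = _b64e(json.dumps({"alg": "HS256"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(head, body))}"

def verify(token):
    """Return the claims of a correctly signed token, else raise AuthError."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
            raise AuthError("unexpected alg")
        if not hmac.compare_digest(_mac(head, body), _b64d(sig)):
            raise AuthError("bad signature")
        return dict(json.loads(_b64d(body)))  # claims must be a JSON object
    except (ValueError, TypeError, AttributeError) as exc:
        raise AuthError("malformed token") from exc

def resolve(template, directive, authorization=None):
    """Render the upstream URL; sub is percent-encoded so it cannot add path or query parts."""
    claims = {}
    if authorization is not None:
        scheme, _, token = authorization.partition(" ")
        if scheme.lower() != "bearer":
            raise AuthError("unsupported scheme")
        claims = verify(token)  # invalid token: fail, never fall back to anonymous
    sub = claims.get("sub")
    if sub is None and directive == "protected":
        raise AuthError("verified identity required")
    return SUB.sub(lambda m: "null" if sub is None else quote(str(sub), safe=""), template)
```

Only claims returned by `verify` ever reach the template, so the upstream can rely on the interpolated `sub` without checking the token again.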