This is hopefully a simple question: Does a lambda server have unauthenticated, fully-authorized access to the Dgraph database? Related question: Do the @auth declarations in the schema affect lambda resolvers?
I’m doing a risk analysis of a Dgraph production environment architecture and need to know how to secure the lambda component.
If you use GraphQL inside of the lambda then it does honor auth rules, but if you use DQL in the lambda then it does not honor auth rules.
Thank you! Is it also true that Dgraph has no authentication?
Authentication is done with a JWT. You get the user’s ID and put it in the JWT claims.
However, you will need to log the user in and generate a JWT for them. I’m using https://magic.link + a SvelteKit endpoint (like an Express endpoint) to do this.
I then add the JWT to the GraphQL client so that it includes it in the headers on all requests.
Dgraph does not natively have anything to generate JWTs for consumption by the client for the GraphQL endpoint. However, Dgraph can be the source of truth used to authenticate users, and then you use your own script to generate JWTs.
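The "own script" step described in the replies above, as an added example that is not part of the thread and is not Dgraph's or any poster's code: it mints an HS256 JWT with the user's ID in a namespaced claim and verifies it with a pinned algorithm and an expiry check. `SECRET`, `NAMESPACE` and the `USER` claim name are assumptions and must match whatever your schema's authorization settings expect.

```javascript
// Added example: mint and verify an HS256 JWT that carries the user's ID.
// SECRET, NAMESPACE and the USER claim name are assumptions, not from the thread.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from a secret store
const NAMESPACE = 'https://example.invalid/jwt/claims'; // hypothetical claims namespace

const b64url = (input) => Buffer.from(input).toString('base64url');
const sign = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Call this only after your own login flow has authenticated the user.
function mintToken(userId, secret, ttlSeconds = 900, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    iat: now,
    exp: now + ttlSeconds, // short-lived: a leaked token ages out quickly
    [NAMESPACE]: { USER: userId },
  }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret)}`;
}

// Returns the namespaced claims, or null when the token must be rejected.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm: the token never gets to choose "none" or another alg.
    const alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
    if (alg !== 'HS256') return null;
    // Constant-time comparison of the presented and expected signatures.
    const expected = Buffer.from(sign(`${header}.${payload}`, secret));
    const given = Buffer.from(sig);
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims[NAMESPACE] ?? null;
  } catch {
    return null; // malformed base64url or JSON
  }
}
```

Per the reply above, these claims only constrain GraphQL requests; DQL run inside a lambda does not honor the auth rules, so a lambda that uses DQL has to enforce the user ID itself.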