Root @auth directives

@gja was assisting me when I first started digging into actually implementing @auth directives. (Thank you by the way!)

What he noticed and I see the need for now, is sometimes a user wants a way to write a single @auth directive that applies to all/some of the types.

I know this adds another layer of complexity and might never be possible, which would be okay for me as well if that is the decision.

If for instance I wanted to block all deletes from my graphql endpoint It would be nice to write one root @auth(delete: {rule: "..."}) somewhere and that get applies to all types at once instead of copying and pasting it into 110+ types. I don’t mind doing it the long way as that is what I am doing right now, but I am sure it would be useful as Slash continues to grow with @auth being a main directive used by many.

1 Like

Yeah, this is a really nice idea. There’s a couple of other ‘global’ things that we have thought about throwing in - e.g. having a switch for ‘all queries/mutations are public unless I state otherwise in the rules’ vs ‘all queries/mutations require an authenticated JWT unless I explicitly open one up in a rule’.

@arijit can you make sure this discussion gets noted on the list of community features to pick up.

2 Likes