requires-scopes1.1.0

Prevent access to elements in the query if the user doesn't have the right OAuth scopes

Requires Scopes extension

Provides the @requiresScopes directive which prevents access to elements in the query if the user doesn't have the right OAuth scopes. It expects the authentication token to be in JSON, as provided by the jwt extension, and have the scopes in OAuth2 format. So a scope claim with a list of scopes as a string separated by a space.

# grafbase.toml [extensions.requires-scopes] version = "1.0"

Install the extensions before starting the gateway:

grafbase extension install
extend schema @link( url: "https://grafbase.com/extensions/requires-scopes/1.0.5" import: ["@requiresScopes"] ) type Query { public: String! hasReadScope: String @requiresScopes(scopes: "read") hasReadAndWriteScope: String @requiresScopes(scopes: [["read", "write"]]) hasReadOrWriteScope: String @requiresScopes(scopes: [["read"], ["write"]]) }
ClaimsFieldAccess granted?
{"scope": ""}publicyes
{"scope": ""}hasReadScopeno
{"scope": "read"}hasReadScopeyes
{"scope": "read"}hasWriteScopeno
{"scope": "read"}hasReadOrWriteScopeyes
{"scope": "read,write"}hasReadAndWriteScopeyes
18 Aug, 2025
Julius de Bruijn
InstallAdd this to your TOML configuration file:
[extensions] requires-scopes = "1.1.0"