requires-scopes1.0.3

Prevent access to elements in the query if the user doesn't have the right OAuth scopes

Requires Scopes extension

Provides the @requiresScopes directive which prevents access to elements in the query if the user doesn't have the right OAuth scopes. It expects the authentication token to be in JSON, as provided by the jwt extension, and have the scopes in OAuth2 format. So a scope claim with a list of scopes as a string separated by a space.

Install


[extension.requires-scopes]
version = "1.0"

Usage


extend schema
  @link(url: "https://grafbase.com/extensions/requires-scopes/1.0.0", import: ["@requiresScopes"])

type Query {
  public: String!
  hasReadScope: String @requiresScopes(scopes: "read")
  hasReadAndWriteScope: String @requiresScopes(scopes: [["read", "write"]])
  hasReadOrWriteScope: String @requiresScopes(scopes: [["read"], ["write"]])
}

Apache-2.0

13 Mar, 2025

Julius de Bruijn

InstallAdd this to your TOML configuration file:

[extensions] requires-scopes = "1.0.3"

github.com/grafbase/extensions/tree/main/extensions/requires-scopes

More extensions

authenticated1.0.1

Prevent access to elements in the query when the user is not authenticated

jwt0.2.5

JWT authentication extension.

nats0.4.1

Map NATS endpoints to GraphQL fields. Supports regular and JetStream...