requires-scopes1.0.5

Prevent access to elements in the query if the user doesn't have the right OAuth scopes

Requires Scopes

Provides the @requiresScopes directive which prevents access to elements in the query if the user doesn't have the right OAuth scopes. It expects the authentication token to be in JSON, as provided by the jwt extension, and have the scopes in OAuth2 format. So a scope claim with a list of scopes as a string separated by a space.

# grafbase.toml [extension.requires-scopes] version = "1.0"

Run the install command before starting the gateway

grafbase extension install
# subgraph schema extend schema @link( url: "https://grafbase.com/extensions/requires-scopes/1.0.0" import: ["@requiresScopes"] ) type Query { public: String! hasReadScope: String @requiresScopes(scopes: "read") hasReadAndWriteScope: String @requiresScopes(scopes: [["read", "write"]]) hasReadOrWriteScope: String @requiresScopes(scopes: [["read"], ["write"]]) }
ClaimsFieldAccess granted?
{"scope": ""}publicyes
{"scope": ""}hasReadScopeno
{"scope": "read"}hasReadScopeyes
{"scope": "read"}hasWriteScopeno
{"scope": "read"}hasReadOrWriteScopeyes
{"scope": "read,write"}hasReadAndWriteScopeyes
26 Mar, 2025
Julius de Bruijn
InstallAdd this to your TOML configuration file:
[extensions] requires-scopes = "1.0.5"