These instructions assume you already have a Kinde account. You can register for free here (no credit card required).
This guide details how to protect your GraphQL endpoints, when running on ExpressJS.
It assumes you already have a front end connected to Kinde which is sending a Kinde issued bearer token to your API for verification.
If you don’t yet have a front end setup, please set this up first following the relevant guide:
# npm
npm i @kinde-oss/kinde-node
# yarn
yarn add @kinde-oss/kinde-node
# pnpm
pnpm i @kinde-oss/kinde-nodeImport as you would any other Node package - we recommend you do this in you app.js or index.js file depending on your structure.
const kindeNode = require("@kinde-oss/kinde-node");In the same file after any other imports initialize the library by entering your Kinde domain. This grabs the verification keys for your app.
let authenticate;
(async () => {
authenticate = await kindeNode(YOUR_KINDE_DOMAIN);
})();We recommend you create a context for holding contextual data and use our authenticate function to verify if the Bearer token sent with the api call matches the keys on your domain and prevent access to unauthorized users.
const context = (req) => {
const user = new Promise((resolve, reject) => {
authenticate(req, (err, user) => {
if (err) {
return reject(err);
}
resolve(user);
});
});
return {
user
};
};It’s pretty common that a Graph will have a mix of public and private fields.
Because we’ve added the user to context we can access this in the individual field resolvers and decide what to return.
As an example, this resolver is only accessible with a valid user:
users: (args, context) => {
// In this case, we’ll pretend there is no data when
// we’re not logged in. Another option would be to
// throw an error
if (!context.user) return null;
return ["bob", "jake"];
};If you need any assistance with getting Kinde connected reach out to us at support@kinde.com.
Developer tools