Updates for the security section #168
=== Decoded JWTs | ||
// What could be added here? |
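Review bot: `// What could be added here?` under the new `=== Decoded JWTs` heading is an AsciiDoc comment left as a placeholder; it will not render, but it ships in the source and leaves the heading with no body. Replace it with the section content before merge, or drop the heading until the content exists.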
A decoded JWT is passed in to the context in a similar way that an encoded JWT is, but instead of using `token`, we use `jwt`, like this, where the value of the jwt is passed in by code. `customImplementation` should be thought of as a placeholder for whatever the programmer would actually write.
```js
import { startStandaloneServer } from '@apollo/server/standalone';

// `customImplementation` stands for whatever the application does to obtain
// the already-decoded JWT; `server` is the ApolloServer instance created earlier.
const jwt = customImplementation();

const { url } = await startStandaloneServer(server, {
  listen: { port: 4000 },
  // The decoded claims go in under `jwt`, not `token`.
  context: async ({ req }) => ({
    jwt: jwt,
  }),
});
```
Using `jwt` instead of `token` in the context informs the Neo4jGraphQL library that it doesn't need to decode it.
adapted, thanks
The following code block demonstrates using Apollo Server, extracting the `Authorization` header from the request, and putting it into the appropriate context field: | ||
To use encoded JWTs, the library must to be configured with a key to decode and verify the tokens. |
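Review bot: Typo in the added line: "must to be configured" should read "must be configured". The sentence also presents a key as the only way to verify encoded tokens; if a JWKS endpoint is also supported, as raised in this review, rephrase to "configured with a key or a JWKS endpoint to decode and verify the tokens" so readers do not assume a static key is required.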
This isn't the case.
An encoded token also can be decoded via a JWKS endpoint.
rephrased
Thanks!! Left a few suggestions. It might be worth taking a look at the new section on admonitions in our style guide so you see the options we have besides note https://development.neo4j.dev/docs/docs-style-guide/content/formatting/#_admonitions.
@@ -115,7 +195,7 @@ Additionally, if this nested location contains any `.` characters in the path, f | |||
} | |||
---- | |||
These characters need to be escaped: | |||
Escape these characters: |
I think the way you rephrase it makes it sound like it's an option, but it may not be the case?
True. Rephrasing
@@ -5,10 +5,12 @@ auth/authorization.adoc, auth/auth-directive.adoc, auth/subscriptions.adoc, \ | |||
auth/authorization/allow.adoc, auth/authorization/bind.adoc, auth/authorization/roles.adoc, \ | |||
auth/authorization/where.adoc, authentication-and-authorization/index.adoc | |||
The Neo4j GraphQL Library offers the following security features: |
Usually the index pages use a list with the name of the page and then a description, not incorporating the title within the description. It's not exactly a rule, but it's kinda consistent throughout docsets.
oh.
well, this was my attempt to do something else with it, but it ended up pretty close to the original.
not a fan of these pages, since there's also the left side nav, which almost does the same, so the page doesn't serve much of a purpose.
but if it's a convention, then let's stick to it
Co-authored-by: Lidia Zuin <[email protected]>
Thanks for the documentation updates. The preview documentation has now been torn down - reopening this PR will republish it.
There's more in the Security section. SoonTM