GraphQL
Intermediate
How is authentication handled in GraphQL?
Answer
GraphQL does not prescribe authentication: it is handled at the transport layer (HTTP middleware) and passed to resolvers via the context object. The typical pattern: an HTTP middleware (Express, Fastify) validates the Authorization header (JWT or session token) and attaches the authenticated user to the context. Each resolver then reads context.user to check identity. Example:

```javascript
// Assumption: Apollo Server 2/3, which exports AuthenticationError.
const { AuthenticationError } = require('apollo-server-express');

const resolvers = {
  Query: {
    // ctx is the per-request context populated by the HTTP middleware
    me: (_, __, ctx) => {
      if (!ctx.user) throw new AuthenticationError('Not logged in');
      return ctx.user;
    },
  },
};
```

This clean separation means authentication logic lives in one place while resolvers focus on data access.
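The middleware half of the pattern described in the answer, as an added example that is not part of the original page: a per-request context builder that validates a Bearer token and hands resolvers either a user or `null`. The names `SECRET`, `signToken`, `verifyToken` and `buildContext` are hypothetical; HS256 verification is done with `node:crypto` in place of a JWT library, and a plain `Error` stands in for `AuthenticationError` so the block runs without dependencies.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HS256 key, constructed for the demo

// Mints a constructed sample token so the example runs offline.
function signToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${data}.${crypto.createHmac('sha256', SECRET).update(data).digest('base64url')}`;
}

// Returns the claims of a valid, unexpired HS256 token, otherwise null.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm; never let the token header choose it.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const expected = crypto.createHmac('sha256', SECRET).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed JSON is treated as unauthenticated
  }
}

// The HTTP layer calls this once per request; resolvers only ever see ctx.user.
function buildContext(req) {
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  const claims = match ? verifyToken(match[1]) : null;
  return { user: claims ? { id: claims.sub } : null };
}

const resolvers = {
  Query: {
    me: (_, __, ctx) => {
      if (!ctx.user) throw new Error('Not logged in'); // plain Error keeps this dependency-free
      return ctx.user;
    },
  },
};
```

A token with a tampered payload, an expired `exp`, or a header `alg` other than HS256 all produce `ctx.user === null`, so the resolver rejects the request without ever reading unverified claims.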