autom8ter/oauth-graphql-ide

oauth-graphql-playground

An OAuth2-protected GraphQL playground

Features

  • Serves the GraphQL Playground user interface at /
  • Login with the OAuth authorization code grant
    • automatically redirects the user to login if the token is expired or cannot be refreshed
  • Serves a local session-protected HTTP proxy at /proxy to a remote GraphQL server/endpoint
    • automatically adds an Authorization header with the OAuth bearer token to outbound requests
  • Fully configurable via environment variables
  • Pluggable session management
    • Cookie-based sessions
    • Redis-based sessions
  • Secure - tokens are not accessible to browser JavaScript
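
The session-protected /proxy behaviour listed above, sketched as an added example (not the project's own code): the browser holds only a session ID, and the proxy looks up the bearer token server-side and attaches it to the outbound request. The cookie name, the /login path, the in-memory session map and the fake upstream transport are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

const sessionCookie, loginPath = "session", "/login" // assumed names, not the project's
// roundTripFunc lets a plain function stand in for the upstream GraphQL server.
type roundTripFunc func(*http.Request) (*http.Response, error)

func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

// newProxy attaches the token stored for the session ID; rt may be nil (default transport).
func newProxy(upstream *url.URL, sessions map[string]string, rt http.RoundTripper) http.Handler {
	rp := &httputil.ReverseProxy{Transport: rt, Director: func(r *http.Request) {
		r.URL.Scheme, r.URL.Host, r.URL.Path, r.Host = upstream.Scheme, upstream.Host, upstream.Path, upstream.Host
	}}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie(sessionCookie)
		if err != nil || sessions[c.Value] == "" { // missing or unknown session
			http.Redirect(w, r, loginPath, http.StatusFound)
			return
		}
		r.Header.Del("Cookie") // the session ID is not forwarded upstream
		r.Header.Set("Authorization", "Bearer "+sessions[c.Value]) // replaces any client-sent value
		rp.ServeHTTP(w, r)
	})
}

// demo runs one constructed request and reports what the fake upstream received.
func demo(sessionID string) (auth, cookies string, status int) {
	up, _ := url.Parse("http://localhost:8080/api/graphql")
	fake := roundTripFunc(func(r *http.Request) (*http.Response, error) {
		auth, cookies = r.Header.Get("Authorization"), r.Header.Get("Cookie")
		return &http.Response{StatusCode: 200, Header: http.Header{}, Body: io.NopCloser(strings.NewReader("{}"))}, nil
	})
	req := httptest.NewRequest("POST", "/proxy", strings.NewReader(`{"query":"{me}"}`))
	req.Header = http.Header{"Cookie": {sessionCookie + "=" + sessionID}, "Authorization": {"Bearer forged"}}
	rec := httptest.NewRecorder()
	newProxy(up, map[string]string{"sid-1": "constructed-token"}, fake).ServeHTTP(rec, req)
	return auth, cookies, rec.Code
}

func main() { fmt.Println(demo("sid-1")) }
```
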

Installation

Binary Release

Please see the releases to download the program and add it to your PATH directly.

Using Containers

Environmental Variables

.env files are loaded if found in the same directory as oauth-graphql-playground

# enable debug logs
OAUTH_GRAPHQL_PLAYGROUND_DEBUG=true

# the port to serve on (default: 5000)
OAUTH_GRAPHQL_PLAYGROUND_PORT=5000

# the oauth2 client id
OAUTH_GRAPHQL_PLAYGROUND_CLIENT_ID=xxx-xxxx-xxxx-xxx

# the oauth2 client secret
OAUTH_GRAPHQL_PLAYGROUND_CLIENT_SECRET=xxx-xxxx-xxxx-xxx

# the redirect URL the identity provider will send the user back to (this server)
OAUTH_GRAPHQL_PLAYGROUND_REDIRECT_URL=http://localhost:5000/oauth2/callback

# the oauth2 scopes to ask the user to consent to
OAUTH_GRAPHQL_PLAYGROUND_SCOPES=openid,email,profile

# the oauth2 authorization URL
OAUTH_GRAPHQL_PLAYGROUND_AUTHORIZATION_URL=https://accounts.google.com/o/oauth2/v2/auth

# the oauth2 token URL
OAUTH_GRAPHQL_PLAYGROUND_TOKEN_URL=https://oauth2.googleapis.com/token

# a JSON string used to configure the session manager. options: [cookies]
OAUTH_GRAPHQL_PLAYGROUND_SESSION_MANAGER={ "name": "cookies", "secret": "xxx-xxx-xxx" }

# use the OpenID Connect ID token on outbound GraphQL requests
OAUTH_GRAPHQL_PLAYGROUND_OPEN_ID=true

# the graphQL server to connect to (required)
OAUTH_GRAPHQL_PLAYGROUND_SERVER_ENDPOINT=http://localhost:8080/api/graphql

# CORS options
OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_ORIGINS=*
OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_METHODS=POST,GET,PUT,DELETE
OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_HEADERS=*

# TLS/HTTPS options
# OAUTH_GRAPHQL_PLAYGROUND_TLS_CERT_FILE=/tmp/certs/oauth-graphql-playground.cert
# OAUTH_GRAPHQL_PLAYGROUND_TLS_KEY_FILE=/tmp/certs/oauth-graphql-playground.key

OAuth Providers

You will need to register an OAuth client application with an identity provider if you haven't already. Please note that your OAuth config should be set up as a "Web Application" with the "Authorization Code Grant" enabled. You may also need to do additional configuration of your OAuth app depending on your configured scopes.