aligent / magento2-introspection-auth
Restricts introspection GraphQL queries to authorised users
Installs: 2 768
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 14
Forks: 0
Open Issues: 0
Type:magento2-module
Requires
- php: ~8.1.0|~8.2.0|~8.3.0
- magento/framework: *
This package is auto-updated.
Last update: 2024-11-04 05:40:39 UTC
README
Magento 2 module to handle authorisation of GraphQL introspection queries.
Functionality
In Magento 2, GraphQL introspection can be enabled/disabled globally. This module adds functionality so that when enabled, introspection queries can only be made by authorised users.
Installation
- Install the package via composer
composer require aligent/magento2-introspection-auth
- Enable the module
bin/magento module:enable Aligent_IntrospectionAuth
- Run the
setup:upgrade
command
bin/magento setup:upgrade
Configuration
The authorisation functionality can be enabled/disabled via Stores -> Configuration -> Advanced -> System -> Security -> Enable Introspection Authorisation
Note that authorisation will only work is GraphQL introspection is enabled. If it is disabled, it will be disabled for all users, regardless of authorisation.
Permission
In order to be authorised, users/integrations will need the Aligent_Introspection::introspection_allowed
permission