aligent/magento2-introspection-auth

Restricts introspection GraphQL queries to authorised users

Installs: 2 768

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 14

Forks: 0

Open Issues: 0

Type:magento2-module

1.1.0 2024-07-04 04:56 UTC

This package is auto-updated.

Last update: 2024-11-04 05:40:39 UTC


README

Magento 2 module to handle authorisation of GraphQL introspection queries.

Functionality

In Magento 2, GraphQL introspection can be enabled/disabled globally. This module adds functionality so that when enabled, introspection queries can only be made by authorised users.

Installation

  1. Install the package via composer
composer require aligent/magento2-introspection-auth
  1. Enable the module
bin/magento module:enable Aligent_IntrospectionAuth
  1. Run the setup:upgrade command
bin/magento setup:upgrade

Configuration

The authorisation functionality can be enabled/disabled via Stores -> Configuration -> Advanced -> System -> Security -> Enable Introspection Authorisation Note that authorisation will only work is GraphQL introspection is enabled. If it is disabled, it will be disabled for all users, regardless of authorisation.

Permission

In order to be authorised, users/integrations will need the Aligent_Introspection::introspection_allowed permission