An Apollo Server plugin to secure introspection queries with token-based authentication.

Installation

Install the plugin as a dependency.

npm install -S @cleartax/apollo-server-plugin-introspection-auth

apollo-server is a peer-dependency for this package.

If you haven't already, install it via:

npx install-peerdeps @cleartax/apollo-server-plugin-introspection-auth

Usage

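When instantiating ApolloServer, pass the following options:

import { ApolloServer } from 'apollo-server';
import ApolloServerIntrospectionAuth from '@cleartax/apollo-server-plugin-introspection-auth';

const apolloServer = new ApolloServer({
  // Introspection stays enabled; the plugin gates it behind the header token.
  introspection: true,
  plugins: [
    ApolloServerIntrospectionAuth({
      type: 'header-token',
      name: 'x-app-introspect-auth',
      value: ['<valid-auth-token>'],
    }),
  ],
});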

Note: Ideally, you would add this configuration for non-development environments only, in which case you can add the options conditionally. The following example adds it for higher environments in apollo-server-express:

import { ApolloServerExpressConfig, ApolloServer } from 'apollo-server-express';
import ApolloServerIntrospectionAuth from '@cleartax/apollo-server-plugin-introspection-auth';

let options: ApolloServerExpressConfig = {};

if (process.env.NODE_ENV === 'production') {
  options = {
    ...options,
    playground: false,
    introspection: true,
    // Append to any plugins that are already configured.
    plugins: (options.plugins || []).concat([
      ApolloServerIntrospectionAuth({
        type: 'header-token',
        name: 'x-app-introspect-auth',
        value: ['<valid-auth-token>'],
      }),
    ]),
  };
}

const apolloServer = new ApolloServer(options);
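To show what a header-token gate on introspection involves, here is an added sketch; it is not the source of this package. The function names, the regex test, the error message and the sample token are assumptions made for illustration, and only the option names (type, name, value) and Apollo Server's requestDidStart hook come from the real API.

```javascript
// Added illustration; not the code of @cleartax/apollo-server-plugin-introspection-auth.
// Rough test for introspection fields; \b keeps __typename from matching __type.
const INTROSPECTION_FIELD = /\b__(schema|type)\b/;

// Compare two strings without returning at the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Returns true when the request may proceed (hypothetical helper).
function introspectionAllowed(request, options) {
  if (!INTROSPECTION_FIELD.test(request.query || '')) return true; // ordinary operation
  const supplied = request.http && request.http.headers.get(options.name);
  if (typeof supplied !== 'string' || supplied.length === 0) return false; // fail closed
  // Check every configured token so the loop does not stop at the first match.
  let ok = false;
  for (const token of options.value) {
    if (constantTimeEqual(supplied, token)) ok = true;
  }
  return ok;
}

// Hypothetical plugin wrapper built on Apollo Server's requestDidStart hook.
function sketchIntrospectionAuth(options) {
  return {
    requestDidStart({ request }) {
      if (!introspectionAllowed(request, options)) {
        throw new Error('Introspection requires a valid auth token');
      }
    },
  };
}

// Constructed sample data; a Map stands in for Apollo's Headers object.
const opts = { type: 'header-token', name: 'x-app-introspect-auth', value: ['constructed-token-1'] };
const makeRequest = (query, headers = {}) => ({
  query,
  http: { headers: new Map(Object.entries(headers)) },
});
```

The string test errs on the side of requiring the token, and it only sees requests that carry the query text; a production gate should walk the parsed document instead.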

References

Inspired by this implementation in apollographql/apollo-server#1933.