An oauth2 protected graphQL playground
- Serves GraphQL Playground user interface
/
- Login with oauth authorization code grant
- automatically redirects the user to login if token is expired or cannot be refreshed
- Serve local session-protected http proxy
/proxy
to a remote graphQL server/endpoint- automatically adds authorization header with oauth bearer token to outbound request
- Fully Configurable via environmental variables
- Pluggable session management
- Cookie-based sessions
- Redis-based sessions
- Secure - token's are not accessible to browser javascript
Please see releases to download and add the program to your path directly
-
Docker:
docker pull colemanword:oauth-graphql-playground:v0.0.3
.env files are loaded if found in the same directory as oauth-graphql-playground
# enable debug logs
OAUTH_GRAPHQL_PLAYGROUND_DEBUG=true
# the port to serve on (default: 5000)
OAUTH_GRAPHQL_PLAYGROUND_PORT=5000
# the oauth2 client id
OAUTH_GRAPHQL_PLAYGROUND_CLIENT_ID=xxx-xxxx-xxxx-xxx
# the oauth2 client secret
OAUTH_GRAPHQL_PLAYGROUND_CLIENT_SECRET=xxx-xxxx-xxxx-xxx
# the redirect url the identity provider will send the user back to(this server)
OAUTH_GRAPHQL_PLAYGROUND_REDIRECT_URL=http://localhost:5000/oauth2/callback
# the oauth2 scopes to ask the user to consent to
OAUTH_GRAPHQL_PLAYGROUND_SCOPES=openid,email,profile
# the oauth2 authorization URL
OAUTH_GRAPHQL_PLAYGROUND_AUTHORIZATION_URL=https://accounts.google.com/o/oauth2/v2/auth
# the oauth2 token URL
OAUTH_GRAPHQL_PLAYGROUND_TOKEN_URL=https://oauth2.googleapis.com/token
# a JSON string used to configure the session manager. options: [cookies]
OAUTH_GRAPHQL_PLAYGROUND_SESSION_MANAGER={ "name": "cookies", "secret": "xxx-xxx-xxx" }
# use open id connect id token on outbound graphQL requests
OAUTH_GRAPHQL_PLAYGROUND_OPEN_ID=true
# the graphQL server to connect to (required)
OAUTH_GRAPHQL_PLAYGROUND_SERVER_ENDPOINT=http://localhost:8080/api/graphql
# CORS options
OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_ORIGINS=*
OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_METHODS=POST,GET,PUT,DELETE
OAUTH_GRAPHQL_PLAYGROUND_CORS_ALLOW_HEADERS=*
# TLS/HTTPS options
# OAUTH_GRAPHQL_PLAYGROUND_TLS_CERT_FILE=/tmp/certs/oauth-graphql-playground.cert
# OAUTH_GRAPHQL_PLAYGROUND_TLS_KEY_FILE=/tmp/certs/oauth-graphql-playground.key
You will need to register an OAuth client application with an identity provider if you havent already. Please note that your OAuth config should be setup as a "Web Application" with the "Authorization Code Grant" enabled. You also may need to do additional configuration of your OAuth app depending on your configured scopes.
-
- token url: https://oauth2.googleapis.com/token
- authorization url: https://accounts.google.com/o/oauth2/v2/auth
-
- token url: todo
- authorization url: todo
-
- token url: todo
- authorization url: todo
-
- token url: https://graph.facebook.com/v3.2/oauth/access_token
- authorization url: https://www.facebook.com/v3.2/dialog/oauth
-
- token url: https://slack.com/api/oauth.access
- authorization url: https://slack.com/oauth/authorize
-
- token url: https://github.com/login/oauth/access_token
- authorization url: https://github.com/login/oauth/authorize