Creating an App : User Login and rights


#1

Hi Cayley community,

I have played with Cayley version: 0.7.5 (cf576babb7db) recently, but couldn't find in the documentation how to manage users and rights.

The app prototype I'd like to build would have a front end written in JavaScript, requesting data through GraphQL over the internet.
Each user would be logged in to the system…

Would you have an example demonstrating this kind of scenario?

What kind of architecture would you recommend? (A client in JS + a server side connecting to the graph? Or can I connect directly using GraphQL from the app?)

Thanks for your help

PS: the snap package provides a version from 2018: Cayley version: 0.7.5 (cf576babb7db)


#2

Hey there,
Thanks for giving Cayley a try. It looks like a really cool project to build with it.
The modelling of users and permissions in the graph can be fairly straightforward:
This is the JSON-LD document to write for a user:

{
    "@context": { "schema": "http://schema.org/" },
    "@id": "USER_ID",
    "@type": "schema:Person",
    "@reverse": {
        "schema:grantee": {
            "@id": "PERMISSION_ID",
            "@type": "schema:DigitalDocumentPermission",
            "schema:permissionType": { "@id": "schema:ReadPermission" }
        }
    }
}

Then the GraphQL query would be:

{
  nodes(id: <USER_ID>, <http://www.w3.org/1999/02/22-rdf-syntax-ns#type>: <http://schema.org/Person>) {
    id
    <http://www.w3.org/1999/02/22-rdf-syntax-ns#type>
    <http://schema.org/grantee> @rev {
        id
        <http://www.w3.org/1999/02/22-rdf-syntax-ns#type>
        <http://schema.org/permissionType>
    }
  }
}

#3

Dear @iddan,
Thanks for the answer.
I am looking for an example like the one provided at Dgraph here: https://blog.dgraph.io/post/access-control-in-dgraph/

A mechanism to log in using a “JSON Web Token”. Once logged in, you pass your “Access Token” with each request.

Is there a mechanism like this in Cayley?


#4

Here it is explained how you can “log in” to Dgraph via JS:


#5

Hey, currently Cayley doesn’t have an authentication feature. Implementing such a feature should be fairly straightforward except for the fact it would need to be implemented for each backend separately (Dgraph got it easy as they only have one backend). It’s on the roadmap, but unless we get a PR from the community it’s not a priority.
For some use cases, authenticating the backend service that accesses the Cayley instance and limiting access to Cayley only through this service is enough. Have you considered this option?


#6

Hi,
Yes, that's exactly what I was thinking :slight_smile: I am a user of the Buffalo framework. I have developed a project with this auth0 pipeline for projects.


The hybrid nature of Cayley makes it hard to see where it stands…
I am even thinking it could be interesting to somehow integrate Cayley and Buffalo… The auth / scoping data is taken care of with Buffalo…
In a SaaS scenario, you run your Buffalo API as usual with users, orders (and whatnot resources), and then for graph data, you pass the requests to Cayley and scope them…
This scenario means two databases though…

I have opened a feat discussion at Buffalo here: https://github.com/gobuffalo/buffalo/issues/1828
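
An added example (not from the thread, and not Cayley or Buffalo code) of the pattern discussed in posts #5 and #6: the backend service verifies an HS256 JSON Web Token with the Go standard library and builds a shortened form of the permission query from post #2 for the token's own subject, never for an ID supplied by the client. The function names, the demo key and the token values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

var b64 = base64.RawURLEncoding
var safeID = regexp.MustCompile(`^[A-Za-z0-9_:-]+$`) // characters allowed in a node ID

// sign returns the base64url HS256 signature over "header.payload".
func sign(input string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(input))
	return b64.EncodeToString(m.Sum(nil))
}

// mint stands in for the login service; it only builds constructed demo tokens.
func mint(sub string, exp int64, key []byte) string {
	body := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." +
		b64.EncodeToString([]byte(fmt.Sprintf(`{"sub":%q,"exp":%d}`, sub, exp)))
	return body + "." + sign(body, key)
}

// scopedQuery verifies the token, then builds the permission query for its subject only.
// The signature is always recomputed as HS256, so the header's "alg" is never trusted.
func scopedQuery(token string, key []byte, now int64) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(sign(p[0]+"."+p[1], key)), []byte(p[2])) {
		return "", errors.New("bad token or signature")
	}
	var c struct{ Sub string; Exp int64 }
	cb, _ := b64.DecodeString(p[1])
	if json.Unmarshal(cb, &c) != nil || now >= c.Exp || !safeID.MatchString(c.Sub) {
		return "", errors.New("expired or invalid claims")
	}
	return fmt.Sprintf("{ nodes(id: <%s>) { id <http://schema.org/grantee> @rev "+
		"{ id <http://schema.org/permissionType> } } }", c.Sub), nil
}

func main() {
	key := []byte("demo-key-constructed") // constructed key, not a real secret
	fmt.Println(scopedQuery(mint("alice", 2000, key), key, 1000))
}
```

The returned string is what the service would send to the Cayley instance, which stays reachable only from that service; the subject is checked against an allow-list pattern before it is placed inside `<...>` so a crafted claim cannot alter the query.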