aligent/magento2-introspection-auth

Restricts introspection GraphQL queries to authorised users

Maintainers

Details

github.com/aligent/magento2-introspection-auth

Source

Issues

Installs: 372

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 12

Forks: 0

Open Issues: 0

Type:magento2-module

1.0.0 2023-11-28 02:06 UTC

Requires

  • php: ~8.1.0|~8.2.0
  • magento/framework: *

GPL-3.0-only 8a674716e768952f9fb9d5f58e455b88f143b647

This package is auto-updated.

Last update: 2024-04-28 03:09:17 UTC

README

Magento 2 module to handle authorisation of GraphQL introspection queries.

Functionality

In Magento 2, GraphQL introspection can be enabled/disabled globally. This module adds functionality so that when enabled, introspection queries can only be made by authorised users.

Installation

  1. Install the package via composer
composer require aligent/magento2-introspection-auth
  1. Enable the module
bin/magento module:enable Aligent_IntrospectionAuth
  1. Run the setup:upgrade command
bin/magento setup:upgrade

Configuration

The authorisation functionality can be enabled/disabled via Stores -> Configuration -> Advanced -> System -> Security -> Enable Introspection Authorisation Note that authorisation will only work is GraphQL introspection is enabled. If it is disabled, it will be disabled for all users, regardless of authorisation.

Permission

In order to be authorised, users/integrations will need the Aligent_Introspection::introspection_allowed permission