Anon Ray
Software Engineer
Talk Title
Building a flexible & performant authorization rule engine for GraphQL
Talk Abstract
There are various ways of implementing authorization for a GraphQL server. In this talk, I’ll review different approaches and problems. Eg: authz might result in making multiple calls to the database not just to resolve data but also to fetch authorisation constraints. I will finally share our learnings in building a flexible rule engine in Hasura that avoids these pitfalls.
Talk Description
In this talk, we will review approaches and challenges of implementing authorization in your GraphQL server. We will survey well-known patterns of authorization. I will then share our learnings from building the rule engine we have built at Hasura, describe how it avoids performance pitfalls and the pros and cons of this approach.
Bengaluru, Karnataka