How to run GraphQL query as ADMIN on behalf of a user? #2326
-
|
We used to do it with Hasura using Now we use Prisma and Yoga and I've read this Prisma doc: https://v1.prisma.io/tutorials/graphql-rest-authentication-authorization-basics-ct20#authentication-with-graphql-using-graphql-yoga but still do not understand how or if it is even possible with Prisma. How an admin can impersonate a user? Often administrators need to impersonate other users for testing or troubleshooting purposes. Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi @paulz ! With Envelop/Yoga plugins, you should be able to intercept the request and manipulate the GraphQL execution |
Beta Was this translation helpful? Give feedback.
-
|
Thank you @dotansimha! Wonder if such plugin already exists, as it seems a common need. |
Beta Was this translation helpful? Give feedback.
Hi @paulz !
This is a feature that you might need to implement, on top of your authentication solution. It's not built-in in Yoga, since it's not part of the GraphQL specification. In Hasura and other platforms, they've implemented this feature for tenants.
With Envelop/Yoga plugins, you should be able to intercept the request and manipulate the GraphQL execution
context, this way you can check the validity of an admin token, and decide to inject/replace thecontext.currentUserwith the user you wish to impersonate to (or, any other way you implemented your authentication on top of Yoga).