Access to GraphiQL
Hi Team,
The default GraphiQL dashboard operates on a single key principle, which means it lacks authentication mechanisms. Consequently, even if the consuming team implements the OIDC feature for authenticating graph usage, this authentication cannot be enforced when accessing the graph through the dashboard. As a result, "Read" access is granted universally, rather than being restricted to specific groups.
Implementing authentication for graph usage, potentially through the Identity Provider (IdP) that users log in with, would significantly enhance security. This approach would ensure that content is not universally accessible and is only available to authorized products, effectively "hiding" it from others.
Please feel free to reach out if you have any further questions.
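As an added illustration (not code from the original post or from any GraphQL product), the following Python sketch contrasts the single shared dashboard key described above with a gate that requires the IdP-issued token and restricts access to a group. Everything specific is an assumption: the IdP issues HS256-signed JWTs, the permitted group is named in a `groups` claim, the dashboard lives under `/graphiql`, and the token is minted locally with a constructed secret so the example runs offline.

```python
"""
Gate a GraphiQL endpoint behind the same identity-provider token that protects
the graph itself, instead of a single shared dashboard key.

Added example; not the original post's code or any vendor's implementation.
Hypothetical assumptions: HS256 JWTs from the IdP, a "groups" claim, and a
dashboard served under /graphiql.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret standing in for the IdP's signing key; a real deployment
# would validate against the IdP's published keys (JWKS), not a hard-coded value.
IDP_SIGNING_SECRET = b"demo-idp-secret"
ALLOWED_GROUPS = {"graph-readers"}        # assumed group allowed to read the graph
SHARED_DASHBOARD_KEY = "shared-dashboard-key"   # the "single key" pattern being replaced


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = IDP_SIGNING_SECRET) -> str:
    """Build an HS256 JWT. Stands in for the IdP so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = IDP_SIGNING_SECRET,
                 now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":        # refuse "none" and algorithm confusion
            return None
        expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError:                           # malformed base64/JSON or wrong segment count
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


def dashboard_with_shared_key(request: dict) -> int:
    """Weak pattern from the post: one static key, no identity, no group restriction."""
    key = request.get("headers", {}).get("X-Api-Key")
    return 200 if key == SHARED_DASHBOARD_KEY else 401


def dashboard_behind_idp(request: dict, now: Optional[float] = None) -> int:
    """Hardened gate: /graphiql needs a valid IdP token whose groups intersect ALLOWED_GROUPS."""
    if not request.get("path", "").startswith("/graphiql"):
        return 404
    auth = request.get("headers", {}).get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401
    claims = verify_token(auth[len("Bearer "):], now=now)
    if claims is None:
        return 401                               # unauthenticated: bad signature, expired, malformed
    if not ALLOWED_GROUPS & set(claims.get("groups", [])):
        return 403                               # authenticated but not in an allowed group
    return 200


if __name__ == "__main__":
    # Constructed requests: an allowed reader and a user from another group.
    reader = mint_token({"sub": "alice", "groups": ["graph-readers"], "exp": time.time() + 600})
    outsider = mint_token({"sub": "bob", "groups": ["marketing"], "exp": time.time() + 600})
    for who, tok in (("alice", reader), ("bob", outsider)):
        status = dashboard_behind_idp({"path": "/graphiql",
                                       "headers": {"Authorization": "Bearer " + tok}})
        print(f"{who}: {status}")
```

The point of the contrast is the second function: anyone holding the shared key gets the dashboard, whereas the IdP-gated version distinguishes unauthenticated callers (401) from authenticated users outside the permitted group (403), which is what scoping "Read" access to specific groups requires.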