@pbassham built a very small proof of concept for us with Swift. To be clear it was a very basic functionality to see how the sign-in and query process works. I am Windows based and he (pbassham) is iOS based, so that was his baby. We sidelined that while we focus on getting our main web app built first and relaunched.
I don’t think he tried any single sign on, we haven’t really integrated our sign-in process with anything 3rd party yet. We are just managing it all ourselves with a lambda (not hosted in Dgraph Cloud) to serve JWTs from our own Dgraph database. It should be available though. Check out
All you need is a signed JWT containing the user’s information and roles that is needed by your custom GraphQL authorization rules.
From our little experiment without getting too far into it, we did find though that the GraphQL queries themselves required a much more static approach. Sometimes we dynamically build queries but the approach that we found with swift is that the queries had to be very statically defined up front and then modified with variables such to skip or include fields. Again, I am very very far from knowing anything about swift though and there may be other ways to do it than what we initially found.
To answer directly…
Dgraph Cloud can provide the GraphQL API endpoint that can be secure with @auth rules. Set this up and you will not need another backend server for the majority of use cases.
To clarify again. Dgraph’s Cloud GraphQL API (right now) does not do authentication, but only does authorization. One you authenticate a user in your app using some other method and have an authenticated signed JWT containing the user’s identification and any data needed for your business authorization rules, then you simply pass this JWT to the GraphQL API generated by Dgraph and it compares the signature of the JWT for validity and then runs the rules you have provided for the query that is being performed and will only allow the actions (add, update, delete) you authorize and return the data (query) that you authorize by your rules.
For more information concerning the Dgraph @auth directive see:
https://dgraph.io/docs/graphql/authorization/authorization-overview/