MERN Stack & GraphQL - #11 Custom Schema Directives

Few weeks ago, a viewer posted an issue on this project's GitHub repo bringing up custom scalars for validation https://github.com/alex996/graphql-chat/issues/2 I was intrigued by the idea and had to admit that it didn't cross my mind when making GraphQL Server-Side Validation video https://youtu.be/t8qpxmuq8CQ At first glance, the scalar approach was very promising, but upon closer inspection, it fell short of its promises for being ahead of its time with limited library support. This was too bad considering scalars are at the heart of GraphQL. Lately, I've been glossing over a few YouTube videos on the topic of authentication in GraphQL. Aside from the JWT bias on the side of Auth0 and a handful of hand-crafted session wrappers from fellow creators, I couldn't find anything conclusive. Authenticating users in GraphQL, it seems, still remains an unsolved mystery. Then my erratic search queries lead me to an article that drove the point home - authentication in the NPM land is hard https://hackernoon.com/your-node-js-authentication-tutorial-is-wrong-f1a3bf831a46 It still sucks in 2019, which is a shame, because it doesn't have to. Why can't it be as simple and intuitive as in Laravel or Rails? Why should every developer always take care of every security aspect on his own? That just seemed counter-productive to me. To this day, I haven't solved this problem, and no, this video won't either. But it got me thinking if authentication could be made an integral part of the app, if it could co-exist with the rest of it in harmony and unison. After all, if the app is architectured in GraphQL, shouldn't the auth module fall into it instinctively? Shouldn't it be closer to the metal, so to speak? To the types, the fields, and... the directives? But the primary driver for refactoring was to eliminate duplicated session checks and keep the code DRY and lean. I first thought of higher order functions on top of resolvers, which would be slightly more elegant and fashionable, yet even those ones would have to repeat. When I thought of custom directives, the pieces finally fell into place. Watch me puzzle out the route to a better auth in GraphQL, as we break the code and sort out some of the session-related hangups left over from previous sessions. And get ready for the upcoming uploads. We're going to get into the nitty-gritty details of designing a scalable chat platform with privacy and performance in mind. Stay tuned for more videos. See you then GraphQL Directives 101 https://graphql.org/learn/queries/#directives Custom Directives in Apollo-Server https://www.apollographql.com/docs/apollo-server/features/creating-directives.html