Investigate how we could handle authentication of the graphiql endpoint

[josephwoodward]

See here for more discussions on this.

[MisterJimson]

I suggest a small bit of UI that allows you to set a map of header values and keys. This should be suitable for most authentication setups.

[aleGuardiola]

services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new Info {Title = "Protected API", Version = "v1"});

// we're going to be adding more here...

});

options.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Flow = "implicit",
AuthorizationUrl = "http://localhost:5000/connect/authorize",
Scopes = new Dictionary<string, string> {
{ "demo_api", "Demo API - full access" }
}
});

This is how swagger doc handle authentication. It will be nice something like that where is possible to create custom scheme.

[josephwoodward]

How about making it more general purpose by a delegate that gets invoked before GraphQL that enables you to validate the request (whether by oauth or basic auth, or any other means) that returns a boolean for whether to enable the GraphQL endpoint?

[josephwoodward]

This is what I'm thinking, thoughts are appreciated #42