GraphQL APIs

There are two GraphQL APIs in the server. One is a sub-endpoint of the Dynamic Client Registration endpoint to work with DCR clients. The other is the User Management GraphQL endpoint. It contains a schema to manage user accounts as graph data.

Using Access Tokens

In order to work with the GraphQL API an access token needs to be obtained. The authorization manager configured on the corresponding profile defines what the token needs to contain in order to gain access.

Most commonly it needs to contain a certain scope to pass the first authorization step, and if the groups authorization manager is used it also needs to contain the groups claim with a user group that maches one of the rules in the authorization manager.

Introspecting the Schema

The GraphQL schema can be obtained from the GraphQL endpoint. However it is required to provide an access token with at least read access to see the schema.

Most GraphQL tools allow you to configure the headers sent when accessing the endpoints.

../../_images/setup-token.png

Fig. 190 Example of adding an access token to GraphiQL

After this is done, the tool will be able to introspect the endpoint and the schema should become visible.

The schema exposes two top level types: Query and Mutation. The Query is used when reading data and Mutation when updating.

../../_images/schema-1.png

Fig. 191 Top level schema in GraphiQL

../../_images/schema-2.png

Fig. 192 Query schema in GraphiQL

Using Queries

There are two types of queries, singular and plural; to obtain a single account or multiple.

Listing 285 Querying for an account by username
query SingleAccount {
  accountByUserName(userName: "johndoe") {
    id
    userName
    emails {
      primary
      value
    }
  }
}
Listing 286 Response when querying for an account by username
{
  "data": {
    "accountByUserName": {
      "id": "b626d5d206f64165bb5c14a843545c9d",
      "userName": "johndoe",
      "emails": [
        {
          "primary": true,
          "value": "john.doe@example.com"
        }
      ]
    }
  }
}

When reading multiple accounts the system provides cursor based pagination to be able to get partial results. It’s also possible to filter the result.

Listing 287 Querying for multiple accounts
query AllAccounts{
  accounts(sorting: { sortBy: created, sortOrder: ASCENDING } ) {
    edges {
      node {
        id
        userName
        emails {
          value
          primary
        }
      }
    }
    pageInfo {
      endCursor
      hasNextPage
    }
    totalCount
  }
}
Listing 288 Response when querying multiple accounts
{
  "data": {
    "accounts": {
      "edges": [
        {
          "node": {
            "id": "1e99fb8210a944f1b6069a0cfe1c59c5",
            "userName": "bcryptUser",
            "emails": [
              {
                "value": "bcrypt.user@example.com",
                "primary": true
              }
            ]
          }
        },
      ]
      "pageInfo": {
        "endCursor": null,
        "hasNextPage": false
      },
      "totalCount": 13

The API loosely follows the definitions in relay.dev for pagination. Most concepts in the GraphQL APIs should be familiar to anyone experienced with GraphQL APIs.