GraphQL Federation with Ballerina and Apollo — Part II
This is part II of the series “GraphQL Federation with Ballerina and Apollo”. Refer to Part I before reading this.
This article was written using Ballerina Swan Lake Update 8 (2201.8.0)
In the first part, we discussed the GraphQL federation concepts and how to implement federated GraphQL API using Ballerina and Apollo Studio. In this part, we will discuss how to implement Entity types and ReferenceResolvers in Ballerina. Further, we will briefly discuss how to handle authentication and authorization in a federated GraphQL API.
Adding Federated Fields
We have intentionally left some fields from the subgraph implementations. This is to simplify the supergraph creation process. Now that we have a working supergraph, we can add the missing fields. The beauty of the GraphQL federation is that it reduces the duplication of types. As per our initial GraphQL API, there are types with fields spread across the subgraphs. To add these fields, you need to implement the subgraphs with federation-specific functionalities.
Note: In GraphQL federation, you can compose individual, isolated subgraphs into a federated GraphQL schema, as we have done so far. Currently, all our subgraphs are standalone GraphQL services. But to add federation-specific functionalities, we need to mark them specifically as subgraphs.
Updating Subgraphs to Federated Subgraphs
The ballerina/graphql.subgraph module consists of the functionalities for GraphQL federation. To use these functionalities, you need to import the ballerina/graphql.subgraph module. Then you can mark your GraphQL service as a subgraph using the subgraph:Subgraph annotation.
Marking the Products Subgraph as a Federated Subgraph
You need to do the following things:
- Mark the Products subgraph as a federated subgraph
- Mark the
Producttype as anEntitytype - Provide a
ReferenceResolverfor theProducttype
First, to mark the Products subgraph as a federated subgraph, you need to add the @subgraph:Subgraph annotation to the GraphQL service.
Following is the updated GraphQL service code in the Products subgraph.
import ballerina/graphql;
import ballerina/graphql.subgraph;
@subgraph:Subgraph
service graphql:Service on new graphql:Listener(9091) {
// ...
}Basically, what you need to do is to import the ballerina/graphql.subgraph module and add the @subgraph:Subgraph annotation to your existing GraphQL service.
Now that the product subgraph is marked as a subgraph, we can mark our Product type as an Entity type.
To mark the Product type as an entity, you need to update the Product type as an Entity type and add a ReferenceResolver for the Product type. Following is the updated Product type definition:
import product_subgraph.datasource;
import ballerina/graphql;
import ballerina/graphql.subgraph;
@subgraph:Entity {
key: "id",
resolveReference: resolveProduct
}
public type Product record {|
// same as before
}
isolated function resolveProduct(subgraph:Representation representation) returns Product|error {
string id = check representation["id"].ensureType();
return datasource:getProduct(id);
}Using this, we state that the Product type is an Entity in the federated supergraph, which is to say that this type might have fields included from the other subgraphs. For an Entity, there should be a key to uniquely identify a particular value of that entity type. For the router to identify these specific values, you need to provide which field acts as the key for this entity type. In this case, the id field is used as the key. The rest of the type definition remains the same.
Then you have to define a ReferenceResolver for the Product type. This is a requirement in the GraphQL federation specification, which states that if a particular subgraph contributes at least a single unique field must implement a reference resolver for that type. A reference resolver takes exactly one input, the subgraph:Representation type. When the GraphQL router sends a request to the subgraph to resolve a particular type using its unique identifier, the Representation type will include that field, in this case, the id field. Then you can retrieve that type from the subgraph:Representation and use that identifier to resolve the value of the type. In this case, we get the id from the representation and return an instance of the Product type. This function is passed as a function pointer in the @subgraph:Entity annotation as the resolveReference field.
Now the Products subgraph implementation is ready to be published. You can regenerate the GraphQL schema for the Products subgraph using the bal command:
bal graphql -i service.balThen you can publish your updated Products subgraph to the Apollo Studio using the previous command:
rover subgraph publish <APOLLO_GRAPH_REF> \
-name Products \
-schema ./schema_service.graphql \Note: When publishing the same subgraph for the second time, you don’t need to provide the routing URL of the subgraph, until you need to change it.
Marking the Users Subgraph as a Federated Subgraph
You need to do the following things:
- Mark the Users subgraph as a federated subgraph
- Mark the
Usertype as anEntitytype - Provide a
ReferenceResolverfor theUsertype
Marking the Users subgraph as a federated subgraph is similar to the Products Subgraph. Following is the updated GraphQL service code in the Users subgraph.
import ballerina/graphql;
import ballerina/graphql.subgraph;
@subgraph:Subgraph
service graphql:Service on new graphql:Listener(9091) {
// ...
}Then you can mark the User type as an Entity type. Following is the updated User type definition:
import user_subgraph.datasource;
import ballerina/graphql;
import ballerina/graphql.subgraph;
@subgraph:Entity {
key: "id",
resolveReference: resolveUser
}
public type User record {|
@graphql:ID string id;
string name;
string email;
|};
isolated function resolveUser(subgraph:Representation representation) returns User|error? {
string id = check representation["id"].ensureType();
return datasource:getUser(id);
}The above code segment shows the subgraph:Entity annotation, the resolveUser function as the reference resolver.
To facilitate the reference resolver, you need to provide an API to retrieve a User value from the id. In this case, we have a getUser function in the datasource module. Then you can use this function to resolve the User value from the Representation type. Following is the definition of the getUser() API inside the datasource module:
public isolated function getUser(string id) returns User? {
lock {
if users.hasKey(id) {
return users.get(id);
}
}
return;
}With this, your Users subgraph is ready to be published. You can regenerate the GraphQL schema for the Users subgraph using the bal command:
bal graphql -i service.balThen you can publish your updated Users subgraph to the Apollo Studio using the previous command:
rover subgraph publish <APOLLO_GRAPH_REF> \
-name Users \
-schema ./schema_service.graphql \Marking the Reviews Subgraph as a Federated Subgraph
Now you are ready to update the review subgraph. To refresh the memory, we need to do the following:
- Mark the GraphQL service as a subgraph
- Add the
Productentity type (withreviewsfield) - Add the
Userentity type (withreviewsfield) - Add the
productfield to theReviewtype - Add the
authorfield to theReviewtype
First, to mark the Reviews subgraph as a federated subgraph, you need to add the @subgraph:Subgraph annotation to the GraphQL service, similar to the previous subgraphs.
Following is the updated GraphQL service code in the Reviews subgraph.
import ballerina/graphql;
import ballerina/graphql.subgraph;
@subgraph:Subgraph
service graphql:Service on new graphql:Listener(9093) {
// ...
}Then you can add the Product type as an entity. From the Reviews subgraph, we contribute the reviews field to the Product type. Therefore, you only need the id field (which is the key for the Product entity type) and the reviews field. You should also define the reference resolver for the Product type. Following is the Product type definition:
@subgraph:Entity {
key: "id",
resolveReference: resolveProduct
}
public type Product record {|
@graphql:ID string id;
Review[] reviews;
|};
public isolated function resolveProduct(subgraph:Representation representation) returns Product|error {
string id = check representation["id"].ensureType();
return getProduct(id);
}Similarly, you can define the User type with the reviews field and the corresponding reference resolver. Following is the User type definition:
@subgraph:Entity {
key: "id",
resolveReference: resolveUser
}
public type User record {|
@graphql:ID string id;
Review[] reviews;
|};
public isolated function resolveUser(subgraph:Representation representation) returns Product|error {
string id = check representation["id"].ensureType();
return getAuthor(id);
}As per the above codes, you need two utility functions to retrieve the Product and User values from the data source. Following are the implementations of those functions:
isolated function getProduct(string id) returns Product {
ReviewInfo[] reviewList = datasource:getReviewsByProduct(id);
return {
id,
reviews: reviewList.map(reviewInfo => new Review(reviewInfo))
};
}
isolated function getAuthor(string id) returns User {
ReviewInfo[] reviewList = datasource:getReviewsByAuthor(id);
return {
id,
reviews: reviewList.map(reviewInfo => new Review(reviewInfo))
};
}To facilitate these functions, you need to add new APIs to the datasource. Following are the implementations of those APIs:
public isolated function getReviewsByProduct(string productId) returns readonly & Review[] {
lock {
return from Review review in reviews where review.productId == productId select review;
}
}
public isolated function getReviewsByAuthor(string userId) returns readonly & Review[] {
lock {
return from Review review in reviews where review.authorId == userId select review;
}
}Then you have to add the author and product fields to the Review type. This can be easily done by adding two resource methods to the existing Review service class. Following are the two new resource methods:
isolated resource function get author() returns User => getAuthor(self.reviewInfo.authorId);
isolated resource function get product() returns Product => getProduct(self.reviewInfo.productId);Now your Reviews subgraph is ready to be published. You can regenerate the GraphQL schema for the Reviews subgraph using the bal command:
bal graphql -i service.balThen you can publish your updated Reviews subgraph to the Apollo Studio using the previous command:
rover subgraph publish <APOLLO_GRAPH_REF> \
-name Reviews \
-schema ./schema_service.graphql \Now all three subgraphs are updated and published to the Apollo studio. Now if you visit the Apollo Studio and check the generated supergraph schema, you can see the following schemas:
- The GraphQL API schema
type Mutation {
addReview(input: ReviewInput!): Review!
}
type Product {
id: ID!
name: String!
description: String!
price: Float!
reviews: [Review!]!
}
type Query {
products: [Product!]!
product(id: ID!): Product
reviews: [Review!]!
users: [User!]
}
type Review {
id: ID!
title: String!
comment: String!
rating: Int!
author: User!
product: Product!
}
input ReviewInput {
title: String!
comment: String!
rating: Int!
authorId: String!
productId: String!
}
type User {
id: ID!
reviews: [Review!]!
name: String!
email: String!
}- The composed supergraph schema
schema
@link(url: "https://specs.apollo.dev/link/v1.0")
@link(url: "https://specs.apollo.dev/join/v0.3", for: EXECUTION)
{
query: Query
mutation: Mutation
}
directive @join__enumValue(graph: join__Graph!) repeatable on ENUM_VALUE
directive @join__field(graph: join__Graph, requires: join__FieldSet, provides: join__FieldSet, type: String, external: Boolean, override: String, usedOverridden: Boolean) repeatable on FIELD_DEFINITION | INPUT_FIELD_DEFINITION
directive @join__graph(name: String!, url: String!) on ENUM_VALUE
directive @join__implements(graph: join__Graph!, interface: String!) repeatable on OBJECT | INTERFACE
directive @join__type(graph: join__Graph!, key: join__FieldSet, extension: Boolean! = false, resolvable: Boolean! = true, isInterfaceObject: Boolean! = false) repeatable on OBJECT | INTERFACE | UNION | ENUM | INPUT_OBJECT | SCALAR
directive @join__unionMember(graph: join__Graph!, member: String!) repeatable on UNION
directive @link(url: String, as: String, for: link__Purpose, import: [link__Import]) repeatable on SCHEMA
scalar join__FieldSet
enum join__Graph {
PRODUCTS @join__graph(name: "Products", url: "http://localhost:9091")
REVIEWS @join__graph(name: "Reviews", url: "http://localhost:9093")
USERS @join__graph(name: "Users", url: "http://localhost:9092")
}
scalar link__Import
enum link__Purpose {
"""
`SECURITY` features provide metadata necessary to securely resolve fields.
"""
SECURITY
"""
`EXECUTION` features provide metadata necessary for operation execution.
"""
EXECUTION
}
type Mutation
@join__type(graph: REVIEWS)
{
addReview(input: ReviewInput!): Review!
}
type Product
@join__type(graph: PRODUCTS, key: "id")
@join__type(graph: REVIEWS, key: "id")
{
id: ID!
name: String! @join__field(graph: PRODUCTS)
description: String! @join__field(graph: PRODUCTS)
price: Float! @join__field(graph: PRODUCTS)
reviews: [Review!]! @join__field(graph: REVIEWS)
}
type Query
@join__type(graph: PRODUCTS)
@join__type(graph: REVIEWS)
@join__type(graph: USERS)
{
products: [Product!]! @join__field(graph: PRODUCTS)
product(id: ID!): Product @join__field(graph: PRODUCTS)
reviews: [Review!]! @join__field(graph: REVIEWS)
users: [User!] @join__field(graph: USERS)
}
type Review
@join__type(graph: REVIEWS)
{
id: ID!
title: String!
comment: String!
rating: Int!
author: User!
product: Product!
}
input ReviewInput
@join__type(graph: REVIEWS)
{
title: String!
comment: String!
rating: Int!
authorId: String!
productId: String!
}
type User
@join__type(graph: REVIEWS, key: "id")
@join__type(graph: USERS, key: "id")
{
id: ID!
reviews: [Review!]! @join__field(graph: REVIEWS)
name: String! @join__field(graph: USERS)
email: String! @join__field(graph: USERS)
}Now your supergraph schema is complete. You can use the Apollo Router to access your supergraph. If the router is not running already, run it again using the following command:
APOLLO_KEY=<Your Apollo Key> APOLLO_GRAPH_REF=<Your Apollo Graph Ref> ./router - config router.yamlThen you can access the supergraph using the following GraphQL document:
query ProductReviews {
products {
name
reviews {
rating
author {
name
}
}
}
}If everything works as expected, you will get the following response:
{
"data": {
"products": [
{
"name": "Shoes",
"reviews": []
},
{
"name": "T-shirt",
"reviews": [
{
"rating": 4,
"author": {
"name": "Bob"
}
},
{
"rating": 3,
"author": {
"name": "Charlie"
}
}
]
},
{
"name": "Pants",
"reviews": [
{
"rating": 1,
"author": {
"name": "Dave"
}
},
{
"rating": 4,
"author": {
"name": "Bob"
}
}
]
}
]
}
}If you get the above response, congratulations! You have successfully created a federated GraphQL API using Ballerina. You can try out more complex queries to test this further.
Handling Auth
In a production environment, you might need to handle authentication and authorization. In this section, we will discuss how to handle authentication and authorization in a federated GraphQL API.
Authentication
There are a few options/approaches for authentication for federated GraphQL APIs. In this article, we will discuss how to use the delegate method. In this approach, you will delegate the authentication to the subgraphs, without handling them at the router-level.
Note: There are other approaches where the authentication is handled at the router-level, but those are Apollo federation enterprise specific features. Therefore we are not going to discuss those approaches in this article. Refer to Apollo documentation for more information.
Configure the Router to Delegate Authentication
To delegate the authentication to the subgraphs, you need to forward the headers to the subgraphs. To do this, you need to add the following configuration to the router.yaml file:
headers:
all:
request:
- propagate:
named: authorizationThis will forward the authorization header value to each subgraph.
Implement Authentication in the Subgraphs
In each subgraph, you can define a contextInit function to retrieve the authorization header value. Following is the implementation of the contextInit function in the Products subgraph:
import ballerina/graphql;
import ballerina/http;
@graphql:ServiceConfig {
contextInit: contextInit
}
service graphql:Service on new graphql:Listener(9091) {
// same as before
}
isolated function contextInit((http:RequestContext requestContext, http:Request request) returns graphql:Context|error {
graphql:Context context = new;
string|error authHeader = request.getHeader("authorization");
if authHeader is error {
return error("Authorization failed");
}
UserContext|error userContext = authenticateUser(authHeader); // authenticate the user using the authHeader
if userContext is error {
return error("Authorization failed");
}
context.set("user", userContext);
return context;
}In the contextInit function, we are trying to authenticate the user using the authorization header value. If the authentication is successful, we are setting the UserContext to the GraphQL context. Note that we are using the authenticateUser method, which can be implemented according to your authentication mechanism.
After authenticating the user, the UserContext is passed to the GraphQL context. Using the UserContext, you can implement the authorization logic in the resolvers. In GraphQL, you can configure what fields are accessible to a particular user. In Ballerina this can be achieved using the Interceptors. Following is an example of an interceptor:
import ballerina/graphql;
@graphql:InterceptorsConfig {
global: false
}
readonly service class AdminAuthInterceptor {
*graphql:Interceptor;
isolated remote function execute(graphql:Context context, graphql:Field 'field) returns anydata|error {
UserContext user = check context.get("user").ensureType();
if userContext.role != "admin" {
return error("Unauthorized");
}
return context.resolve('field);
}The above interceptor handles the authorization logic for the admin role. You can implement other interceptors for other roles as well. Then you can add these interceptors to the resolvers. Following is an example of adding an interceptor to a resolver:
service graphql:Service on new graphql:Listener(9091) {
// same as before
@graphql:ResolverConfig {
interceptors: [new AdminAuthInterceptor()]
}
isolated remote function getProduct(string id) returns Product|error {
// same as before
}
}We can follow the same approach for the other subgraphs as well. Now you have a federated GraphQL API with authentication and authorization.
Apart from this, you can also handle authentication using a gateway. In this case, the gateway itself authenticates the user and returns errors if the authentication fails.
In production environments, you can use a combination of these approaches to handle authentication and authorization, which will provide a more robust authentication and authorization mechanism.
Conclusion
In this article, we discussed the GraphQL federation concepts and how to implement federated GraphQL API using Ballerina and Apollo Studio, with authentication and authorization.
There are more exciting projects coming up in the Ballerina GraphQL ecosystem, including:
- The Ballerina GraphQL federation gateway
- The Ballerina GraphQL schema registry
- The federation support for the Ballerina GraphQL CLI tool
Stay tuned for more updates!
References
The complete code for the subgraphs can be found in the following repositories:
Ballerina is an open-source project. We welcome any kind of contributions to the Ballerina platform, including starring on GitHub.
