Advanced Use Cases

This section describes advanced use cases of the validation middleware.

The Validation Middleware is not just useful to check if a request is valid. It can be used to offer different "views" of the schema to different users. Let's look at an example schema to understand this feature:

scalar String
schema {
query: Query
}
type Query {
documents: [Document]
}
type Document {
owner: String
sensitiveInformation: String
}

Let's imagine we'd like to hide the field "sensitiveInformation" to a subset of our users. In this case we can setup a dedicated proxy (or proxies) with the following schema:

scalar String
schema {
query: Query
}
type Query {
documents: [Document]
}
type Document {
owner: String
}

Requests to this proxy including the field "sensitiveInformation" will not be valid requests and therefore won't pass through to the backend.

It's up to the you to provide an authorization mechanism in front of this proxy. This could be a L4/L7 Proxy Like Envoy with a JWT middleware. In the future this proxy might add support to handle protocols like OpenIDConnect itself.