If you got to this article, you are probably looking for a way to implement non-static permissions in your GRANDstack application. Permissions, or scopes, usually take the form object:action; however, in some situations that’s just not enough: what you might need is object:action if a user has some relationship to the object. This is what I call a conditional permission. It might seem like a trivial requirement. Unfortunately, it is not.

In this article I’ll show you how to implement conditional permissions such that

  1. Your GraphQL API is secured; and
  2. Your React front-end is well integrated…


Recently I started building a question-answering tool along the lines of Stack Overflow. As I truly believe in graph technology for many use cases, this seemed like one with great applicability. A great journey was ahead.

I won’t dive into Neo4j, nor into building a frontend (which I have done with React), nor into building the server-side code for such a tool. Instead, I want to focus on authorization. Authentication identifies a user and authorization determines what a user can and cannot do.

To proceed you will need a basic understanding of the following:

  • JavaScript
  • GraphQL
  • JWT encryption

If you don’t…

Nathan Meibergen

I am a mathematician, enthusiastic about creating analytics-driven tools using state-of-the-art analytics models and development tools.
