# Authentication & Authorization

# Get the current user

Lighthouse provides a really simple way to fetch the information of the currently authenticated user. Just add a field that returns your User type and decorate it with the @auth directive.

```graphql
type Query {
  me: User @auth
}
```

Sending the following query will return the authenticated user's info or null if the request is not authenticated.

```graphql
query Me {
  me {
    name
    email
  }
}
```

# Authorization

# Restrict access to fields

Lighthouse allows you to restrict field operations to a certain group of users. Use the @can directive to leverage Laravel Policies for authorization.

# Apply auth middleware

Lighthouse lets you configure global middleware that runs for every request to your endpoint, and also lets you define middleware on a per-field basis.

Use the @middleware directive to apply Laravel middleware, such as the auth middleware, to selected fields of your GraphQL endpoint.

```graphql
type Query {
  users: [User] @middleware(checks: ["auth:api", "custom"])
}
```

If you need to apply middleware to a group of fields, you can put @middleware on an Object type.

```graphql
extend type Query @group(middleware: ["auth:admin"]) {
  adminInfo: Secrets
  nukeCodes: [NukeCode!]!
}
```
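
As an added example (not part of Lighthouse or its documentation), the following Python script audits a schema for root fields that carry none of the guards covered on this page: `@can`, `@middleware`, or middleware declared on the enclosing type block. It assumes one field per line and that type-level middleware covers only the fields in that same block; `@auth` is not counted as a guard because it returns null for unauthenticated requests instead of restricting access. The names `unguarded_fields`, `type_is_guarded` and `SAMPLE_SCHEMA` are made up for this example.

```python
import re

# Directives from this page that run a check before the field resolves.
# @auth is deliberately absent: it resolves the current user, or null.
FIELD_GUARDS = {"can", "middleware"}
TYPE_BLOCK = re.compile(r"(?:extend\s+)?type\s+(\w+)([^{]*)\{([^}]*)\}")


def type_is_guarded(header: str) -> bool:
    """True if the type definition itself carries middleware."""
    if re.search(r"@middleware\b", header):
        return True
    return re.search(r"@group\s*\([^)]*\bmiddleware\s*:", header) is not None


def unguarded_fields(sdl: str, root_types=("Query", "Mutation")):
    """Return sorted 'Type.field' names with no guard on the field or its block."""
    findings = []
    for name, header, body in TYPE_BLOCK.findall(sdl):
        if name not in root_types or type_is_guarded(header):
            continue
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop SDL comments
            field = re.match(r"(\w+)", line)
            if not field:
                continue
            directives = set(re.findall(r"@(\w+)", line))
            if not directives & FIELD_GUARDS:
                findings.append(f"{name}.{field.group(1)}")
    return sorted(findings)


# Constructed sample: the page's schema snippets plus one bare field (posts).
SAMPLE_SCHEMA = '''
type Query {
  me: User @auth
  users: [User] @middleware(checks: ["auth:api", "custom"])
  posts: [Post]
}

extend type Query @group(middleware: ["auth:admin"]) {
  adminInfo: Secrets
  nukeCodes: [NukeCode!]!
}
'''

if __name__ == "__main__":
    for finding in unguarded_fields(SAMPLE_SCHEMA):
        print("no auth guard:", finding)
```

Flagged fields are candidates for review, not confirmed findings: `me` is reported because `@auth` alone does not reject unauthenticated callers, which may be exactly what you want for that field.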