Authentication & Authorization basics


Hi! I am just researching a possibility to use Prisma for the next project and this is likely a very basic question I have got. However, I struggle to find any straightforward example of the setup I am willing to implement.

I am going to have my web app’s API and a separate OAuth server for authentication. I want to use Prisma for data access and manipulations using GraphQL. How do I implement query authorization so that when new queries are sent to Prisma, users will only get data (or modify data) if they have appropriate permissions? What is the granularity for such permissions? Can it be defined per-type or per-operation or per-endpoint?

I am also checking if it is possible to have the same setup where my web API is implemented in C# (.NET Core)?

Any hints / pointers are much appreciated.


We have some tutorials for you.

