Logged in User

Our CreateLink mutation left incomplete because we could not authorize users back then, so let’s get back to it and complete the implementation. With what we have now, we can check whether the user is logged in or not by checking the Authorization HTTP header. With what we did in authentication middleware we can retrieve user in resolvers using ctx argument. so in CreateLink function add these lines:


  • 1: we get user object from ctx and if user is not set we return error with message access denied.
  • 2: then we set user of that link equal to the user is requesting to create the link.

And edit the links query to get user from db too.

The part that is left here is our database operation for creating link, We need to create foreign key from the link we inserting to that user.

Then when we query for users we also fill the User field for Link, so we need to join Links and Users table in our GetAll functions to fill the User field. If you are not familiar with join checkout this link.

and Our app is finally complete. To test the endpoint navigate to localhost:8080 and write the mutation to create link:

mutation {
  createLink(input: {title: "real link!", address: "www.graphql.org"}){

if you try it now you will get a access denied message:

  "errors": [
      "message": "access denied",
      "path": [
  "data": null

So you may realize that we prevented not logged in users from submitting links, To create link now you must set the Authorization header. From the bottom select HTTP Headers button and fill it like this:

  "Authorization": "" // use your own generated token

Try again you should be able to create a new link now.

Next Chapter


Summary of building a GraphQL server with GO backend

Go to next chapter