
Amsterdam, Netherlands

Michael Bleigh

GraphQL Is for Client Developers, Not Client Applications

Metropolitan B-C
Developer Experience, Session Presentations

Michael Bleigh

Firebase Engineering Lead, Google

Michael is an engineering lead on the Firebase team at Google and has been building open source tech for the web for more than 15 years. Michael's open source projects have more than 2B downloads and he has presented at conferences including Google I/O, OSCON, and RailsConf. Michael recently led the creation of Firebase Data Connect, a GraphQL-based backend-as-a-service product that helps developers build apps on a PostgreSQL database.

Many of the most common issues developers run into when building GraphQL APIs (N+1 queries, difficult authorization logic, protecting against arbitrary query complexity) come down to a single problem: when an untrusted client can construct arbitrary queries, lots can go wrong. So what if they just couldn't? The wins of GraphQL aren't in letting *clients* build their own queries but in letting *client developers* build their own queries. When Firebase chose GraphQL as the basis for its new Data Connect product, we introduced "Connectors", a new resource type that bundles a group of predefined GraphQL queries and mutations and exposes them at an endpoint. While trusted servers can execute arbitrary queries, untrusted clients can only use predefined queries and mutations. This approach substantially simplifies the security model of building with GraphQL. Rather than worrying about every possible query, you can build authorization and complexity mechanics around well-known predefined queries. Learn the how, the why, and the possible future of "Connectors" for GraphQL in Firebase and beyond.
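
The abstract's model, sketched as an added example (not Firebase Data Connect's code or API): untrusted clients may only name a predefined operation, each of which carries its own authorization rule and variable bounds, while trusted servers may submit arbitrary query text. `CONNECTOR`, `handleRequest`, `executeGraphQL`, the request fields and the sample queries are all hypothetical.

```javascript
// Added illustration of a "connector"-style gate in front of a GraphQL executor.
// Every name below is hypothetical; none of it is Firebase Data Connect's API.

// Predefined operations: fixed query text plus an authorization rule for each.
const CONNECTOR = {
  GetMyOrders: {
    query: "query GetMyOrders($uid: ID!) { orders(userId: $uid) { id total } }",
    authorize: (auth) => auth !== null, // caller must be signed in
    // $uid comes from the verified identity, never from client input.
    variables: (auth, _input) => ({ uid: auth.uid }),
  },
  ListProducts: {
    query: "query ListProducts($limit: Int!) { products(limit: $limit) { id name } }",
    authorize: () => true, // public operation
    // Complexity is bounded per operation: clamp the only client-controlled knob.
    variables: (_auth, input) => ({
      limit: Math.min(Math.max(Number(input.limit) || 10, 1), 50),
    }),
  },
};

// Stand-in executor (constructed): returns what would reach the GraphQL engine.
function executeGraphQL(query, variables) {
  return { query, variables };
}

// Assumption: req.trusted is set by the transport layer after verifying a
// server credential, and req.auth after verifying a user token; neither is
// taken from the client's request body.
function handleRequest(req) {
  // Trusted servers may execute arbitrary query text.
  if (req.trusted) {
    return { ok: true, result: executeGraphQL(req.query, req.variables || {}) };
  }
  // Untrusted clients: raw query text is refused outright.
  if (req.query !== undefined) return { ok: false, error: "ARBITRARY_QUERY_REJECTED" };

  // Own-property lookup so names like "constructor" do not resolve.
  const known = Object.prototype.hasOwnProperty.call(CONNECTOR, req.operationName);
  if (!known) return { ok: false, error: "UNKNOWN_OPERATION" };

  const op = CONNECTOR[req.operationName];
  const auth = req.auth ?? null;
  if (!op.authorize(auth)) return { ok: false, error: "UNAUTHORIZED" };
  return { ok: true, result: executeGraphQL(op.query, op.variables(auth, req.input || {})) };
}
```

Because the set of operations is closed, authorization and cost limits are reviewed once per named operation instead of being enforced against every query shape a client could construct.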