[Question] General auth strategy #30
Comments
We use a basic token-based auth strategy which is exported through a REST endpoint. The handlers themselves are not implemented inside GraphQL resolvers in any way, but the result of the authentication aka current user will be accessible in the resolvers via context. What's nice about what we did is that we included the REST endpoint as part of a GraphQL module which can easily be imported and plugged to other modules in other applications, so it's completely agnostic. See auth module's source code. Hope this helps
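The pattern described in the comment above, as an added example that is not part of the thread or the project's code: a REST login handler issues a bearer token, and a per-request context function resolves it to the current user for resolvers. It assumes plain Node `crypto` instead of Passport, and the names `loginEndpoint`, `buildContext`, `resolvers` and the sample user are hypothetical.

```javascript
// Added illustration; every name and the sample user below are constructed, not the project's.
const { randomBytes, createHash, scryptSync, timingSafeEqual } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s).digest('hex');

// Constructed user store: passwords kept only as salted scrypt hashes.
const salt = randomBytes(16);
const users = new Map([
  ['alice', { id: 1, name: 'alice', salt, hash: scryptSync('correct horse', salt, 32) }],
]);
// Session store keyed by sha256(token), so a leaked store does not yield usable tokens.
const sessions = new Map();

// REST side: body of a POST /login handler. Lives outside GraphQL entirely.
function loginEndpoint({ username, password }) {
  const user = users.get(username);
  // Run scrypt for unknown users too, so response time does not reveal which names exist.
  const candidate = scryptSync(String(password), user ? user.salt : salt, 32);
  if (!user || !timingSafeEqual(candidate, user.hash)) {
    return { status: 401, body: { error: 'invalid credentials' } };
  }
  const token = randomBytes(32).toString('hex');
  sessions.set(sha256(token), { username, expires: Date.now() + 3600_000 });
  return { status: 200, body: { token } };
}

// GraphQL side: called once per request to build the resolver context.
function buildContext(req) {
  const match = /^Bearer ([0-9a-f]{64})$/.exec(req.headers.authorization || '');
  const session = match && sessions.get(sha256(match[1]));
  if (!session || session.expires < Date.now()) return { currentUser: null };
  const { id, name } = users.get(session.username);
  return { currentUser: { id, name } }; // never expose salt or hash to resolvers
}

// Resolvers contain no login logic; they only read the authentication result from context.
const resolvers = {
  Query: {
    me(_parent, _args, ctx) {
      if (!ctx.currentUser) throw new Error('UNAUTHENTICATED');
      return ctx.currentUser;
    },
  },
};
```
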
I saw that, actually I didn't know you could do that with GraphQL modules! Seems like something I need to explore more. Thanks!
Happy to help
That is what we did, but in a lot of our apps we use js-accounts and making auth its own GraphQL Module.
Oh interesting, js-accounts was the other thing I was looking at, precisely because it offers a better GraphQL integration. Looking forward to seeing what you end up doing!
@SachaG you can check out the related PRs that @ardatan did here:
Thanks! Can I ask what pushed you to use Accounts.js since you already had Passport working?
Oh so you didn't use Accounts.js in the end?
@SachaG But we're going to use it later.
@SachaG there are several reasons to prefer Accounts.js.
I'm sure I could answer my question with a close enough look at the code, but I'm not super familiar with GraphQL modules and other concepts employed by the codebase yet so I thought it might be quicker to just ask directly.
Basically, I'm wondering what auth strategy is employed by the app? I saw that it uses Passport, but does it use Passport's "normal" patterns and endpoints, or does the auth also go through the GraphQL layer? In other words, would signing up, logging in, etc. all be treated as GraphQL mutations? Or just requests to endpoints?
FWIW I've been asking around and most GraphQL apps seem to keep the auth layer separate from GraphQL, and it does seem like this is also what this app does, but I wanted to double check and maybe hear more about what led you to adopt this approach.