Simple Example of token based authentication with token rotation
query me {
me {
id
name
email
}
}
mutation signUp {
signUp(
signUpInput: {
email: "ram@test.com"
name: "ram"
password: "ram@Password"
}
) {
done
}
}
mutation login {
login(loginInput: { email: "ram@test.com", password: "ram@Password" }) {
done
accessToken
refreshToken
}
}
query newToken {
newToken {
done
accessToken
refreshToken
}
}If user has not DOCTOR role, he will be forbidden to create prescription.
mutation createPrescription {
createPrescription(
input: { prescribedTo: 3, prescribedBy: 4, prescription: "one" }
) {
data {
id
prescribedTo {
id
name
}
prescribedBy {
id
name
}
prescription
}
}
}- If the doctor has not prescribed the prescription, he will be forbidden to view the prescription.
query prescription {
prescription(id: 1) {
id
prescribedTo {
id
name
}
prescribedBy {
id
name
}
prescription
}
}