How can i pass credentials (cookies) to networkLayer ? #1
Comments
|
Yes, I think it is currently impossible to pass user specific cookies to a network layer on the server. But, you can pass the credentials to your HTTP server in a cookie as usual, then pass them to the GraphQL server as an ID parameter of the query root field. |
|
But how can i pass params to GraphQL ? intercept query from client then change it manually ? sounds too tricky... |
|
No, you don't have to intercept any GraphQL queries from the client. The client can set query params including the user ID, itself. When receiving request from a client, the GraphQL server can verify that the user ID, passed as a query param, match the user credentials, passed in HttpOnly cookies. The GraphQL server verifies only client requests because the server can't send user specific cookies (the singleton network layer does not allow it), but the GraphQL server trusts requests from the server anyway, so that is not a problem. I know, all this is too complicated anyway, but at least it do the job. |
|
you mean send queries both in client & server like: seems i can only pass it as a url query param ( with react-router-relay use |
You can pass it as a state param.
The GraphQL server should authenticate and authorize users anyway, even without isomorphism. And it is not so hard to detect that query came from the server. In that case only authorization is needed, and authentication could be just skipped. |
|
Yep, i use passport as authorization solution. seems no open source solution that can mix them up, so, a lot of work to do. anyway, thx very much for your help! |
|
@denvned Is there anywhere an example of implementing your idea:
Or possibly different examples implementing different parts of it? I am fairly new to this and while I understand it on the conceptual level, it is hard for me to tell how to implement all the pieces. |
have to wait facebook/relay#558 ?
The text was updated successfully, but these errors were encountered: