Comments (10)
I have an Auth service set as React Context. Within that service, I have a "renewToken" method.
renewToken = () => {
return new Promise((resolve, reject) => {
if (!this.lock) this.loadLock()
if (!this.state.authenticating) {
this.setState({ authenticating: true })
this.lock.checkSession({}, (err, authResult) => {
this.setState({ authenticating: false })
if (err) {
console.log("renew token error", err)
reject(err)
}
console.log("auth result", authResult)
// this is a mutation to apollo-link-state where the tokens are saved in local storage. TODO: move to cookies
this.props.client.mutate({
mutation: REFRESH_ACCESS_TOKEN,
variables: { accessToken: authResult.accessToken }
}).then(resolve)
})
} else {
resolve()
}
})
}
Then as an Apollo Link...
import { setContext } from "apollo-link-context"
const renewAuth0Token = setContext((request, { renewToken }) => {
// TODO: logout when idToken is invalid
if (
!isValidToken(getAccessToken()) &&
isValidToken(getIdToken()) &&
renewToken
) {
return renewToken()
}
return null
})
How does renewToken get in there?
const User = ({ children }) => (
<AuthContext.Consumer>
{({ renewToken }) => {
return (
<QueryWithLoading
context={{ renewToken }}
dataPath="me"
query={USER}
ssr={false}
>
{(data, allMethods) => {
return children(data, allMethods)
}}
</QueryWithLoading>
)
}}
</AuthContext.Consumer>
)
I'll be putting renewToken
into QueryWithLoading
directly soon. QueryWithLoading
just wraps Query
to handle loading states.
Did that help?
from prisma-auth0-example.
I have started working on the NextJS integration. Check out the next-js branch for progress! I hope to have it running next week.
from prisma-auth0-example.
Hey @agustif ,
Sorry for the delay. I'm hard at work with that pesky make a living crap. 😄
As mentioned on Twitter, with the exception of schema directives, I have the above stack working on my own app. If you're stuck or have questions before I update this boilerplate, please let me know. I'm happy to share the files and ideas.
from prisma-auth0-example.
@LawJolla THANKS I didn't answer before because I'm still looking for an a apartment to stay in Paris before ecole 42, starts, but this is just perfect for me now to ship my MVP for our backend tools
from prisma-auth0-example.
As I said on twitter, eagerly waiting for those updates to use them in my own projects! It gets kinda hard getting it all working client+Server
from prisma-auth0-example.
Hey @LawJolla
Can you please share how you implemented token refetching? 😄
from prisma-auth0-example.
@LawJolla I was just wondering your thoughts on the graphql side implementation of the refresh token. I was thinking about doing it a similar way you did but I'm concerned anyone with an access token can just refresh it.
from prisma-auth0-example.
Hey @ryankauk !
Can you explain your concern a bit more?
An access token cannot refresh itself -- that's the identity token. The idea is the identity token is long lived but the access token is short. If the permissions or authorization change, that'll be reflected in the next access token refresh.
from prisma-auth0-example.
Yea for sure, I saw this part ...
this.props.client.mutate({
mutation: REFRESH_ACCESS_TOKEN,
variables: { accessToken: authResult.accessToken }
}).then(resolve)
which I would assume the client side would give the graphql server the access token, and the server would have the client id, client secret and refresh token from auth0 and would take the access token, probably do some validation of it and then the server would give the refresh token to auth0 and return back the access token to the front end.
from prisma-auth0-example.
@ryankauk Sorry for the delay!
It actually works a little more third party than that. Your server doesn't communicate with Auth0 in the token process. The flow should be...
Client Login -> Auth0 -> ID_Token & Access_Token Generated -> Client -> Server -> Server validation
The client also has the responsibility to refresh the access token. That can happen in a few ways, but generally.
Client Request -> Client middleware sees access token expired -> pauses request -> sends ID token to Auth0 -> Auth0 returns new access token -> client resumes request with the new access token.
You server's only job is to validate that the token is signed with the right key and not expired.
from prisma-auth0-example.
Related Issues (12)
- Name, Email and Avatar in idToken not available HOT 2
- directive isOwner and isOwnerOrHasRole works at field level but not query level HOT 1
- BUG: "Error: A unique constraint would be violated on User. Details: Field name = auth0id" HOT 2
- Duplicate type in schema and datamodel in order to limit access to limit access to specific field HOT 6
- Authorization error HOT 23
- How to run authenticated query or mutation in GraphQL Playground? HOT 1
- Owner field label must be user HOT 9
- Parameter not in use HOT 1
- authenticate: Field 'user' of type 'User' must have a sub selection HOT 2
- Passing incoming argument to directive HOT 4
- Directive resolver isAuthenticated does not stop the request if the user is not authenticated [SOLVED] HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from prisma-auth0-example.