Comments (7)
haha yep understood. I think what you're suggesting is a more accurate "viewer" pattern...but I wasn't sure if it's a good idea to always have this jwt
requirement (even if it can be null
) at the top level of each GraphQL query.
Just wanna make sure you're having good experience with this. If you feel better about what you're suggesting and you think it's giving better UX. Feel free to adjust ... we're sort of secretly making a usability test on you ;)
from serverless-graphql.
@kevinold can you have a look at it? I can assist you with the JWT and DynamoDB implementation!
from serverless-graphql.
@pmuens I'm not sure I can for the next few weeks. Dealing with a family issue that limits my free time. Will try to check in when I can.
from serverless-graphql.
Alright. No problem! I'm just struggling to define the schema...
Here's an example I created (/cc @eahefnawy). Not sure if it's good (the Schema also returns the viewer which is not that great I think...) and how we should do this with mutations:
export const ViewerType = new GraphQLObjectType({
name: 'Viewer',
description: 'Viewer',
fields: () => ({
users: {
type: new GraphQLList(FormType),
description: 'Get all users',
resolve: (source, args) => {
return getUsers(source);
}
}
})
});
const Root = new GraphQLObjectType({
name: 'Root',
fields: {
viewer: {
type: ViewerType,
args: { jwt: { type: new GraphQLNonNull(GraphQLString) } },
resolve(source, { jwt }) {
return { jwt: jwt };
}
}
}
});
const Schema = new GraphQLSchema({
query: Root,
mutation: Mutations
});
export default Schema;
from serverless-graphql.
I'd like to close this guy since it's now implemented, unless you guys have any other feedback?
@pmuens how was your experience integrating the client with this graphQL auth implementation?
from serverless-graphql.
@eahefnawy I think it's a good implementation for now. 👍
I thought that one could use a higher level query to scope this (which can be reused).
Let's pretend we want to enable it that a signed in user can delete an arbitrary user. So instead of:
mutation deleteUser {
deleteUser (id: "validUserId", jwt: "valid.jwt.token")
{ id username name email jwt }
}
something like this (it's not valid GraphQL):
user (jwt: "valid.jwt.token") {
deleteUser (id: "valid.user.id")
{ id username name email jwt }
}
Hope it's understandable :-D
from serverless-graphql.
Alright. It works great. So I don't think that we need to adjust it right now. But maybe we can keep the user
/ viewer
pattern in mind for updates later on.
from serverless-graphql.
Related Issues (20)
- An error occurred: GraphiqlLambdaFunction - Value of property Variables must be an object with String (or simple type) properties. HOT 1
- Use AppSync with Amazon RDS HOT 10
- Add aws Amplify Client HOT 1
- Unable to connect client to appsync api. HOT 3
- Fix missing query arg in apollo-client
- AppSync & RDS HOT 4
- Region AppSync <> DynamoDB HOT 1
- How does @aws_subscribe work in a Apollo + Lambda work?
- Error: only one instance of babel-polyfill is allowed HOT 8
- Appsync OPENID_CONNECT support? HOT 3
- Configuration for app-backend/appsync/dynamo? HOT 1
- Error: DynamoRole already exists HOT 1
- Migrate app-backend/rest-api to Apollo Server 2.0 HOT 4
- Bump babel/jest/webpack dependencies
- Playground is and graphiql loading with error HOT 1
- Request AppSync DataSource HTTP type
- Got error when run yarn install HOT 3
- Yarn start in `app-backend/dynamodb` does not start dynamodb on port 8000 HOT 1
- multiple @connection to same child table possible? HOT 1
- Batch mutations seem to create separate AWS Lambda invocations
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serverless-graphql.