GraphQL - Best way of passing credentials
If I have a GraphQL query/mutation and need to pass login information, how should I do it? Should I pass it in the query itself or pass it into the headers of the request? For example:
```graphql
doSomethingThatRequiresLogin(
  login: {
    username: "some username",
    password: "c29tZSBwYXNzd29yZA=="
  }, # should login be passed here or just put into the headers?
  data: {
    a: "b"
  }
)
```
Solution 1:[1]
The login credentials should be put in the argument like so:
```graphql
mutation Login($password: String!, $username: String!) { # put credentials here
  login(password: $password, username: $username) {
    # below are the fields you want to return after user login
    user {
      username # returning username is generally a common practice
      token # just like what we usually do in a REST API
    } # return the things the client mutated/updated
    errors {
      ...
      # alternatively return an optional errors field
      # when things go south
    }
  }
}
```
In your GraphQL server, you can access the credentials through args:
```javascript
async function login(parent, args, context, info) {
  const { username, password } = args; // we get the credentials here
  // ... your password hashing and db stuff (this step produces `token` and `user`)
  return {
    token,
    user
  };
}
```
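The full flow the question and answer describe, as an added example that is not the answerer's code: the password travels as an argument only to `login`, and later operations send the returned token in the `Authorization` header, which is verified into `context`. The in-memory `users` map, the HMAC token format, the `message` error field and the `buildContext` helper are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed sample data (assumption): token key and one user with a salted scrypt hash.
const SECRET = crypto.randomBytes(32);
const salt = crypto.randomBytes(16);
const users = new Map([["alice", { salt, hash: crypto.scryptSync("correct horse", salt, 32) }]]);

function signToken(username, ttlSeconds = 3600) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const body = Buffer.from(JSON.stringify({ sub: username, exp })).toString("base64url");
  return body + "." + crypto.createHmac("sha256", SECRET).update(body).digest("base64url");
}

function verifyToken(token) {
  const [body, mac] = String(token).split(".");
  if (!body || !mac) return null;
  const expected = crypto.createHmac("sha256", SECRET).update(body).digest();
  const given = Buffer.from(mac, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp > Date.now() / 1000 ? claims : null;
}

// Login mutation resolver: the only place the password travels as an argument.
async function login(parent, args, context, info) {
  const { username, password } = args;
  const rec = users.get(username);
  // Hash even for unknown users so response time does not reveal valid usernames.
  const candidate = crypto.scryptSync(String(password), rec ? rec.salt : salt, 32);
  if (!rec || !crypto.timingSafeEqual(candidate, rec.hash)) {
    return { token: null, user: null, errors: [{ message: "Invalid credentials" }] };
  }
  return { token: signToken(username), user: { username }, errors: [] };
}

// Built once per HTTP request; later operations carry the token in the Authorization header.
function buildContext(headers) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || "");
  return { user: m ? verifyToken(m[1]) : null };
}

// A resolver that requires login reads context.user instead of taking a password argument.
function doSomethingThatRequiresLogin(parent, args, context) {
  if (!context.user) throw new Error("Not authenticated");
  return { by: context.user.sub, data: args.data };
}
```

Both the login mutation and the token-bearing requests need TLS, since the password and the bearer token are each sufficient to act as the user.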
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Enfield li |
