graphql-engine icon indicating copy to clipboard operation
graphql-engine copied to clipboard

Published 20 hours ago verified publisher icon hasura

Actions should be able to update session variables

Open esseswann opened this issue 5 years ago • 4 comments

Problem We have a following popular scenario:

  • Use Actions to make a JWT auth flow and assign it to auth mutation
  • Actions return JWT info + user_id
  • Create relationship user_id -> user

But if user table has any permissions nothing will be returned from the user type in the auth mutation because the context of this query does not have a session variable

Possible solution Allow updating session variables in the response which replaces context for relationships down the tree

esseswann avatar Sep 08 '20 19:09 esseswann

I guess the way you might be working around this currently is by doing the auth mutation and then doing query for user separately (with the jwt token/session variables set)?

tirumaraiselvan avatar Sep 21 '20 11:09 tirumaraiselvan

Yep, that's what we're doing right now May be we could have a convention that auth handler might have some "X-Hasura-Context-*" headers that right-merge the original ones with anything in the wildcard

esseswann avatar Sep 21 '20 11:09 esseswann

We've encountered this problem on 2 other projects. Practically what we're trying to solve here is to remove extra query. Using bespoke graphql server allows returning the user alongside the authentication response with access\refresh tokens

esseswann avatar Feb 13 '21 11:02 esseswann

@tirumaraiselvan any update on this? Maybe something similar is being tracked elsewhere?

esseswann avatar May 16 '21 18:05 esseswann