graphql-engine

Feature request: method to forcefully disconnect a websocket

Open Jamesits opened this issue 5 years ago • 3 comments

In the current version of Hasura, when the user token (whatever you pass to the auth hook) is revoked (e.g. user logged out remotely or user credential changed), any websocket already connected to Hasura will still work and their access will not be revoked. I'd like to request a method to disconnect one or all the websockets from a certain user ID, so when the user automatically reconnects, their token will be re-verified by the auth hook.

Jamesits • Dec 30 '19 10:12

Currently we enforce the expiry of authorization information in JWT mode (the connection gets closed after the expiration time as specified in the JWT). This is lacking in the webhook mode; maybe the webhook can specify the expiry time of the session with an Expires header?

> I'd like to request a method to disconnect one or all the websockets from a certain user ID, so when the user automatically reconnects, their token will be re-verified by the auth hook.

This I feel should be added as part of a larger set of 'subscription management' APIs for an admin user.

0x777 • Dec 30 '19 10:12

FYI, webhook mode respects Expires and Cache-Control values via https://github.com/hasura/graphql-engine/commit/5b54f9d76629383da854cc16fb9667ea36b96218

Read more here: https://hasura.io/docs/1.0/graphql/manual/auth/authentication/webhook.html#response

tirumaraiselvan • Jun 03 '20 04:06
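An added example, not part of the thread or of Hasura's code: a minimal auth webhook that sets a short `Expires` on every successful response, so a revoked token stops being accepted the next time the hook is consulted. The token store, `REVOKED` set, port and 60-second bound are constructed assumptions; the 200/401 responses and the `X-Hasura-*` JSON body follow the webhook documentation linked above.

```python
import json
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: bearer token -> Hasura session variables.
SESSIONS = {"tok-alice": {"X-Hasura-User-Id": "1", "X-Hasura-Role": "user"}}
REVOKED = set()            # tokens an admin has revoked (assumed store)
MAX_SESSION_SECONDS = 60   # assumed bound on how long one hook decision stays valid


def webhook_response(request_headers, now=None):
    """Return (status, headers, body) for one auth-webhook call."""
    now = now or datetime.now(timezone.utc)
    auth = request_headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    session = SESSIONS.get(token)
    if session is None or token in REVOKED:
        # Unknown or revoked token: deny, and grant no session lifetime.
        return 401, {}, b""
    # Short expiry: the decision must be refreshed by calling the hook again,
    # which is where a revocation is noticed.
    expires = now + timedelta(seconds=MAX_SESSION_SECONDS)
    headers = {
        "Content-Type": "application/json",
        "Expires": format_datetime(expires, usegmt=True),
    }
    return 200, headers, json.dumps(session).encode()


class Hook(BaseHTTPRequestHandler):
    def do_GET(self):  # GET mode: the client's request headers are forwarded
        status, headers, body = webhook_response(self.headers)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8081), Hook).serve_forever()
```

This only bounds the exposure window to `MAX_SESSION_SECONDS`; it does not provide the immediate disconnect requested in the issue.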

> This I feel should be added as part of a larger set of 'subscription management' APIs for an admin user.

Any thoughts on adding something like this? We have a use case where when an admin revokes a user's access we need to terminate any subscriptions/websockets they may have w/o having to wait for the Expires condition to become true.

vincentjames501 • Oct 06 '22 14:10

> > This I feel should be added as part of a larger set of 'subscription management' APIs for an admin user.
>
> Any thoughts on adding something like this? We have a use case where when an admin revokes a user's access we need to terminate any subscriptions/websockets they may have w/o having to wait for the Expires condition to become true.

Same case here!

gustavotrott • Mar 28 '23 13:03