keystone
Added Code Hints to custom-session-jwt example Implementation
After encountering a limitation with HTTP-only cookies and Safari, I decided to switch over to the JWT session strategy. I followed the approach provided in the example code here: custom-session-jwt example. The example had the token signed manually, as shown below: https://github.com/keystonejs/keystone/blob/4e1cf3f7101820259a934b6af08d0cccb6e1cf2a/examples/custom-session-jwt/keystone.ts#L88-L99
I spent a whole day trying to figure out where to generate the token so that the authenticateWithPassword mutation would work right.
I finally cracked it by delving into the statelessSessions implementation code. It turns out the session strategy's start method should return the signed token.
I suggest adding a hint in the example to save newcomers like me the trouble of digging deep.
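The following is an added example, written for this page and not code from the Keystone project or from the PR author, of the shape the description above is asking the example to show: a session strategy whose start method signs the JWT and returns it (so the authenticateWithPassword mutation has a session token to hand back), with get verifying the token on later requests. Everything beyond that point is an assumption for illustration: the `{ get, start, end }` strategy shape with `{ context }` / `{ context, data }` arguments, the `MinimalContext` stand-in for KeystoneContext, the cookie name, the Bearer-header fallback, and the HS256 signing helpers built on Node's `crypto` module in place of a JWT library.

```typescript
// Added example, not Keystone's own code: a JWT session strategy in the shape
// Keystone 6 expects ({ get, start, end }), where start() signs and RETURNS the
// token so authenticateWithPassword has a sessionToken to hand back.
// The context shape, cookie name and HS256 helpers below are assumptions.
import { createHmac, timingSafeEqual } from 'node:crypto';

// Assumption: in a real deployment the secret comes from the environment.
const SESSION_SECRET = process.env.SESSION_SECRET ?? 'example-only-secret-do-not-ship';
export const SESSION_MAX_AGE_SECONDS = 60 * 60 * 24 * 30;
const COOKIE_NAME = 'keystonejs-session';

export type SessionData = { listKey: string; itemId: string };
type Claims = SessionData & { iat: number; exp: number };
type Headers = Record<string, string | string[] | undefined>;

// Minimal stand-in for the parts of KeystoneContext this strategy touches (assumed shape).
export type MinimalContext = {
  req?: { headers: Headers };
  res?: { setHeader(name: string, value: string): void };
};

const nowSeconds = () => Math.floor(Date.now() / 1000);
const encode = (obj: unknown) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// HS256 JWT signing with Node's crypto, standing in for a JWT library.
export function jwtSign(data: SessionData, now = nowSeconds()): string {
  const header = encode({ alg: 'HS256', typ: 'JWT' });
  const payload = encode({ ...data, iat: now, exp: now + SESSION_MAX_AGE_SECONDS });
  const signingInput = `${header}.${payload}`;
  const signature = createHmac('sha256', SESSION_SECRET).update(signingInput).digest('base64url');
  return `${signingInput}.${signature}`;
}

// Verify and return the claims, or undefined for anything that does not check out.
export function jwtVerify(token: string, now = nowSeconds()): Claims | undefined {
  const parts = token.split('.');
  if (parts.length !== 3) return undefined;
  const [header, payload, signature] = parts;
  let decodedHeader: { alg?: unknown } | null;
  let claims: Partial<Claims> | null;
  try {
    decodedHeader = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return undefined;
  }
  // Pin the algorithm; never let the token choose it (alg=none / key-confusion defence).
  if (!decodedHeader || typeof decodedHeader !== 'object' || decodedHeader.alg !== 'HS256') return undefined;
  const expected = createHmac('sha256', SESSION_SECRET).update(`${header}.${payload}`).digest();
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return undefined;
  if (!claims || typeof claims !== 'object') return undefined;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return undefined;
  if (typeof claims.listKey !== 'string' || typeof claims.itemId !== 'string') return undefined;
  return claims as Claims;
}

// The token can arrive as the cookie start() set, or as a Bearer header from a client
// that stored the token authenticateWithPassword returned (assumed conventions).
export function tokenFromRequest(headers: Headers): string | undefined {
  const auth = headers.authorization;
  if (typeof auth === 'string' && auth.startsWith('Bearer ')) {
    return auth.slice('Bearer '.length).trim() || undefined;
  }
  const cookie = headers.cookie;
  if (typeof cookie !== 'string') return undefined;
  for (const part of cookie.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === COOKIE_NAME && rest.length) return rest.join('=') || undefined;
  }
  return undefined;
}

export const jwtSessionStrategy = {
  async get({ context }: { context: MinimalContext }): Promise<SessionData | undefined> {
    const token = context.req ? tokenFromRequest(context.req.headers) : undefined;
    const claims = token ? jwtVerify(token) : undefined;
    return claims ? { listKey: claims.listKey, itemId: claims.itemId } : undefined;
  },
  // The value returned here is what authenticateWithPassword exposes as sessionToken.
  async start({ context, data }: { context: MinimalContext; data: SessionData }): Promise<string> {
    const token = jwtSign(data);
    context.res?.setHeader(
      'Set-Cookie',
      `${COOKIE_NAME}=${token}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${SESSION_MAX_AGE_SECONDS}`
    );
    return token;
  },
  async end({ context }: { context: MinimalContext }): Promise<void> {
    context.res?.setHeader('Set-Cookie', `${COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
  },
};
```

Two points a practitioner would check before lifting this into a real config: the verifier pins the algorithm to HS256 and compares signatures with `timingSafeEqual` rather than trusting the token's own `alg` field, and the secret is read from the environment so the fallback literal never reaches a deployment. Whether you want the Bearer-header path at all depends on your client; if only the cookie is used, drop it.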
This pull request is automatically built and testable in CodeSandbox.
Latest deployment of this branch, based on commit 0b2a817ffed61246b8fba16a5b530e41ecde5bbb:
I guess it depends on how you want this to work.
A common approach isn't to jwtSign on the Keystone 6 server at all, but maybe that isn't helpful to newcomers.
Are there any specific reasons why jwtSign shouldn't be used on the Keystone 6 server, and aside from sessions, what other alternative authentication strategies would you recommend/suggest?
I can't really recommend anything, as these decisions are highly specific to how you are using Keystone 6 and your infrastructure architecture.
I understand your problem though, and I think adding jwtSign to the example could be helpful to newcomers. Maybe we need to add @keystone-6/auth too, as otherwise start and end are unused anyway.
I think I'm going to reject this pull request, but I hear you, @ogheneovo12, that we need to show how this could be used from within the example.