
How to use this gem with graphql gem?

Open ghost opened this issue 7 years ago • 6 comments

How to use this gem with graphql gem?

ghost avatar Nov 25 '17 23:11 ghost

You can include the Knock::Authenticable module in your graphql_controller just as you would any other controller. For example:

class GraphqlController < ActionController::Base
  include Knock::Authenticable

  before_action :authenticate

  def execute
    # snip...
    context = {
      # Query context - +current_user+ is available when authenticated:
      current_user: current_user,
    }
    # snip...
    render json: result
  end
end

For running queries in Graphiql, I’m currently using https://github.com/skevy/graphiql-app so that I can add the Bearer token to an Authentication header (adding custom request headers isn’t currently supported in the main graphiql tool).

christopherstyles avatar Jan 22 '18 06:01 christopherstyles

And what if I have some query for unauthenticated people?

before_action :authenticate catches all, right?

ghost avatar Feb 06 '18 17:02 ghost

@christopherstyles This is totally great. One question - I need to have some GraphQL mutations (createUser, signIn) skip authentication. I'm wondering if it would be better to:

  1. move the knock authentication success into the GraphQL context or
  2. if it's possible to skip the :authenticate filter within a specific mutation/type somehow?

If you have thoughts on this, I would dearly love to hear them! 🥇

sterrym avatar Feb 15 '18 00:02 sterrym

@sterrym Have you ever figured out how to do this? If so, how?

matejLukasik avatar Jan 22 '19 12:01 matejLukasik

@matejLukasik Unfortunately (for this thread), we ended up going a different direction on the app we were working on and didn't use the knock gem at all. We ended up doing unauthenticated calls as regular API calls which created the JWT for us using the devise-jwt gem (https://github.com/waiting-for-dev/devise-jwt).

If I were doing it now, I might stick with knock but I think I'd still implement the unauthenticated calls outside of GraphQL.

That being said, I'm seeing 53 issues in this gem dating back to 2016 and the last commit 2 years ago. All that doesn't really bode well for this gem being maintained...

sterrym avatar Jan 22 '19 15:01 sterrym

Hello!

I'm also facing this issue:

And what if I have some query for unauthenticated people?

before_action :authenticate catches all, right?

Is there any way to allow certain mutations to be executed by unauthenticated users?

heitorado avatar Jun 15 '20 02:06 heitorado
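
The first option raised in the thread (resolve the user into the GraphQL context without halting the request, then enforce authentication per field) is sketched below as an added example; it is not code from any participant, from knock, or from the graphql gem. It is a plain-Ruby stand-in: the secret, the `me` field, and every helper name are hypothetical, and the HS256 check stands in for whatever token verification the app really uses.

```ruby
require "openssl"
require "json"

SECRET = "constructed-demo-secret"            # constructed; stands in for the app's signing secret
PUBLIC_FIELDS = %w[createUser signIn].freeze  # the mutations named in the thread

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def sign(head, body)
  b64url(OpenSSL::HMAC.digest("SHA256", SECRET, "#{head}.#{body}"))
end

# Builds a constructed HS256 token so the example has input to work on.
def issue_token(sub, exp: Time.now.to_i + 3600)
  head = b64url(JSON.generate(alg: "HS256", typ: "JWT"))
  body = b64url(JSON.generate(sub: sub, exp: exp))
  "#{head}.#{body}.#{sign(head, body)}"
end

# Returns the token subject, or nil when the header is missing or the token is
# malformed, wrongly signed or expired. It never halts the request by itself.
def current_user_from(authorization_header)
  token = authorization_header.to_s[/\ABearer (\S+)\z/, 1] or return nil
  head, body, sig = parts = token.split(".")
  return nil unless parts.size == 3
  expected = sign(head, body)
  return nil unless sig.bytesize == expected.bytesize &&
                    OpenSSL.fixed_length_secure_compare(sig, expected)
  claims = JSON.parse(body.tr("-_", "+/").unpack1("m"))
  claims["exp"].to_i > Time.now.to_i ? claims["sub"] : nil
rescue JSON::ParserError, TypeError, NoMethodError
  nil
end

# Per-field gate: the check each non-public resolver would make on its context.
def execute_field(field, context)
  unless PUBLIC_FIELDS.include?(field) || context[:current_user]
    return { "errors" => [{ "message" => "authentication required", "path" => [field] }] }
  end
  { "data" => { field => "ok for #{context[:current_user] || 'anonymous'}" } }
end

# Stand-in for GraphqlController#execute with no `before_action :authenticate`.
def handle(field, authorization_header)
  execute_field(field, { current_user: current_user_from(authorization_header) })
end
```

With this shape a request carrying a bad or expired token is treated as anonymous, so it can still reach `createUser` and `signIn` but nothing else; the allow-list of public fields is the part that needs review whenever the schema grows.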