中继与认证GraphQL [英] Authentication in Relay & GraphQL
问题描述
我一直在使用React和Relay开发应用程序,但是现在我仍然坚持实施身份验证.
I've been working on an application using react and relay, and now I'm stuck on implementing authentication.
我知道您可以通过GraphQL resolves函数中可用的上下文将值传递给每个graphql请求.
I know that you can pass value to each graphql request through the context which is available in GraphQL resolves functions.
我对传递的内容和方式感到困惑.
I'm more confused about what to pass for it and how.
使用JSON Web令牌,通行证更好吗?以及我应该如何为用户传递标识符?
Is it better to use JSON Web token, passport, something else? And how should I pass the identifier for the user?
基本上我在问什么, 什么是最适合接力赛的:jwt,护照,其他东西?以及如何通过中继进行连接.谢谢!
Basically what I'm asking, What is best suitable for Relay: jwt, passport, something else? And how to hook it up with relay. Thanks!
推荐答案
我认为您最好的选择是学习一些入门工具包.不幸的是,这些工具包中几乎没有一个提供完整的JWT实施-其中许多工具似乎只完成了一半.
I think your best bet is to study some of the starter kit. Unfortunately almost none of these kits provide a complete JWT implementation - many of them seem to only have a half done one.
退房:
- 中继身份验证.您的里程可能会有所不同-它涵盖了整个概念,但存在一些错误.
- 通用继电器样板.该程序非常惊人且完整,但是却是一头野兽,由于它还包括iOS/Android应用程序的创建,因此工作起来可能有点不堪重负.
- 继电器入门工具包.在撰写本文时,它仅通过FB身份验证设置(因此无法正常工作的常规登录表单)会设置JWT Cookie.我相信将所有登录路径迁移到GraphQL的路线图上都是正确的,因为现在它有点混杂.
- Relay Authentication. Your mileage may vary - it covers the whole concept but has some bugs.
- Universal Relay Boilerplate. That one is pretty amazing and complete but is a beast and can be a bit overwhelming to work from since it also includes iOS/Android app creation.
- Relay Starter Kit. At the time of writing it only has FB auth setup (so no regular login form that works) through it does set a JWT cookie. I believe that migrating all their login routes to GraphQL is on the roadmap as right now it's a bit of a hybrid.
关于您的jwt/passport问题.它们不是互斥的. Passport可以处理jwt auth,尽管我个人不使用它,而是直接与jwt库一起使用.这并不是很难-您可以在
As far as your jwt/passport question. They are not mutually exclusive. Passport can handle jwt auth though personally I dont use it and work directly with a jwt library. It's not very hard to do - you can see it in the server file of the Relay Starter Kit.
JWT令牌通常在标头周围传递,但是已经转向将这些令牌存储在 HttpOnly cookie中(请参阅此
JWT tokens are usually passed around the headers however there has been a shift towards storing these tokens in HttpOnly cookies (see this article). The upside of that method is that you don't need to deal with passing the token around with Relay.
这篇关于中继与认证GraphQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
