执行经过身份验证的 keystone.js/GraphQL API 查询 [英] Perform an authenticated keystone.js / GraphQL API query

问题描述

我是 Keystone.js 和 GraphQL 的新手.到目前为止，我已经能够成功执行以下 API 查询(取自这个 页面) 通过 POST 请求:

I am new to Keystone.js and GraphQL. So far I have been able to successfully execute the following API queries (taken from this page) via a POST request:

const SIGNIN = `mutation signin($identity: String, $secret: String) {
  authenticate: authenticateUserWithPassword(email: $identity, password: $secret) {
    item {
      id
      name
    }
  }
}`;

// Returns id and name of authenticated user

和

const GET_ALL_POSTS = `query GetPosts {
  allPosts {
    name
    id
  }
}`;

// Returns id and name of all posts (if no access controls)

如果我为列表Post访问控制> 我按预期从第二个查询中收到访问错误，但我无法工作，然后如何对 allPosts 执行经过身份验证的查询，例如我要:

If I set access controls for the list Post I get an access error from the second query as expected, but I can't work how to then perform an authenticated query for allPosts, e.g. I want:

• (以编程方式)通过用户的电子邮件和密码对用户进行身份验证
• 如果成功，运行 allPosts 查询并返回结果

• To (programatically) authenticate a user by their email and password
• If successful, run a query for allPosts and return the results

我做错了什么?

推荐答案

答案是首先提交下面的查询，验证您的用户并生成访问令牌:

The answer is to first submit the query below, to authenticate your user and generate an access token:

query: `mutation ($identity: String, $secret: String) {
  authenticate: authenticateUserWithPassword(email: $identity, password: $secret) {
    token
  }
}`

然后通过将提供的令牌添加到您的请求标头中来验证后续查询:

Subsequent queries are then authenticated by adding the provided token to your headers of your request with:

'Authorization: Bearer <token>'.

更多信息此处.

更一般地说，GraphQL 游乐场非常值得一看适合刚接触 keystonejs 和 GraphQL 的任何人.

More generally, the GraphQL playground is well worth a look for anyone getting into keystonejs and new to GraphQL.

这篇关于执行经过身份验证的 keystone.js/GraphQL API 查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！