Skip to content
This repository has been archived by the owner on Mar 22, 2021. It is now read-only.

How to use this gem with graphql gem? #194

Open
ghost opened this issue Nov 25, 2017 · 6 comments
Open

How to use this gem with graphql gem? #194

ghost opened this issue Nov 25, 2017 · 6 comments

Comments

@ghost
Copy link

ghost commented Nov 25, 2017

How to use this gem with graphql gem?

@christopherstyles
Copy link

You can include the Knock::Authenticable module in your graphql_controller just as you would any other controller. For example:

class GraphqlController < ActionController::Base
  include Knock::Authenticable

  before_action :authenticate

  def execute
    # snip...
    context = {
      # Query context - +current_user+ is available when authenticated:
      current_user: current_user,
    }
    # snip...
    render json: result
  end
end

For running queries in Graphiql, I’m currently using https://github.com/skevy/graphiql-app so that I can add the Bearer token to an Authentication header (adding custom request headers isn’t currently supported in the main graphiql tool).

@ghost
Copy link
Author

ghost commented Feb 6, 2018

And what if I have some query for unauthenticated people?

before_action :authenticate catch all, right?

@sterrym
Copy link

sterrym commented Feb 15, 2018

@christopherstyles This is totally great. One question - I need to have some GraphQL mutations (createUser, signIn) skip authentication. I'm wondering if it would be better to:

  1. move the knock authentication success into the GraphQL context or
  2. if it's possible to skip the :authenticate filter within a specific mutation/type somehow?

If you have thoughts on this, I would dearly love to hear them! 🥇

@matejLukasik
Copy link

@sterrym Have you ever figured out how to do this? If so, how?

@sterrym
Copy link

sterrym commented Jan 22, 2019

@matejLukasik Unfortunately (for this thread), we ended up going a different direction on the app we were working on and didn't use the knock gem at all. We ended up doing unauthenticated calls as regular API calls which created the JWT for us using the devise-jwt gem (https://github.com/waiting-for-dev/devise-jwt).

If I were doing it now, I might stick with knock but I think I'd still implement the unauthenticated calls outside of GraphQL.

That being said, I'm seeing 53 issues in this gem dating back to 2016 and the last commit 2 years ago. All that doesn't really bode well for this gem being maintained...

@heitorado
Copy link

Hello!

I'm also facing this issue:

And what if I have some query for unauthenticated people?

before_action :authenticate catch all, right?

Is there any way to allow certain mutations to be executed by unauthenticated users?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants