Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to have private and public tokens for single client #329

Open
iBobik opened this issue May 4, 2023 · 0 comments
Open

Allow to have private and public tokens for single client #329

iBobik opened this issue May 4, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@iBobik
Copy link

iBobik commented May 4, 2023

Your use case

I have private token for privileged calls in server functions, public token to unauthenticated calls on a frontend which can be upgraded to user's personal token by login.

All this is for single API, just different permissions.

Introspection needs to use private token to see whole schema (public tokens see only entities and mutations they have access to). SSR needs to receive public token unless user's token was received in cookie.

The solution you'd like

Client config like:

default: {
  host: process.env.GQL_HOST,
  token: process.env.GQL_TOKEN,
  publicToken: 'hardcoded_public_token',
  ssrToken: 'hardcoded_public_token',
},

or:

default: {
  host: process.env.GQL_HOST,
  token: process.env.GQL_TOKEN,
  retainToken: 'hardcoded_public_token',
},

Possible alternatives

Currently I have to write a lot of custom logic in a gql:auth:init hook.

Additional information

No response
@iBobik iBobik added the enhancement New feature or request label May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@iBobik