
I'm writing a fullstack application using MERN and I need to provide authentication using JWT-tokens. My code looks like:

router.use(GraphQLHTTP(
    (req: Request, res: Response): Promise<any> => {
        return new Promise((resolve, reject) => {
            const next = (user: IUser, info = {}) => {
                /**
                 * GraphQL configuration goes here
                 */
                resolve({
                    schema,
                    graphiql: config.get("isDev"), // <- only enable GraphiQL in development
                    pretty: config.get("isDev"),
                    context: {
                        user: user || null,
                    },
                });
            };
            /**
             * Try to authenticate using passport,
             * but never block the call from here.
             */
            passport.authenticate(['access'], { session: false }, (err, loginOptions) => {
                next(loginOptions);
            })(req, res, next);
        });
    }
));

I want to provide a new generation of tokens and through GraphQL. In doing so, I need to check whether the user has used the correct method of authentication. For example, to get a new access token, you need a refresh token, you need to log in using the password and e-mail for the refresh token. But using a passport implies that after authentication I will simply have a user.

How should I proceed?

Danylkaaa
  • What do you mean with 'a new generation of tokens and through GraphQL'? Usually after login you get an access token and refresh token and later, when the access token is expired you use the refresh token to get a new one. Pls. click on edit to correct and clarify your question. – jps Apr 23 '18 at 08:43
  • @jps MERN - mongo express react node – Danylkaaa Apr 23 '18 at 08:44
  • ok, thanks, didn't know that. – jps Apr 23 '18 at 08:47
  • @jps if lifetime of refresh-token is over (because lifetime of refresh-token also is not infinite), user must log in again and then he receives new payloads. I think, I should use mutations like getRefresh():String, signup(email:String!, password:String!):Payload, getAccess():String. – Danylkaaa Apr 23 '18 at 08:48
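
Added example, not part of the original post or of any answer to it: one way to let resolvers see which authentication method was used is to put a purpose claim in each token and copy it into the GraphQL context next to the user. It is plain Node JavaScript with no dependencies; the `use` claim, the secret and every helper name are assumptions, and a password login would set `authMethod` the same way.

```javascript
// Added example: the secret, the `use` claim and all helper names are assumptions.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // placeholder; load from config in real code
const b64 = (v) => Buffer.from(v).toString("base64url");

// Minimal HS256 JWT signer; `use` records what the token may be used for.
function sign(userId, use, ttlSec, now = Date.now()) {
  const body = b64(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." +
    b64(JSON.stringify({ sub: userId, use, exp: Math.floor(now / 1000) + ttlSec }));
  return body + "." + crypto.createHmac("sha256", SECRET).update(body).digest("base64url");
}

// Returns the claims, or null when the signature or expiry check fails.
function verify(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const expected = crypto.createHmac("sha256", SECRET).update(parts[0] + "." + parts[1]).digest();
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// What the passport callback would pass on: the user plus how they authenticated.
function buildContext(authorizationHeader) {
  const claims = verify((authorizationHeader || "").replace(/^Bearer /, ""));
  return claims
    ? { user: { id: claims.sub }, authMethod: claims.use }
    : { user: null, authMethod: null };
}

// Resolver guard: each operation names the one authentication method it accepts.
function requireMethod(ctx, method) {
  if (!ctx.user || ctx.authMethod !== method) throw new Error("requires " + method + " authentication");
  return ctx.user;
}

const resolvers = {
  // getAccess accepts only a refresh token and returns a short-lived access token.
  getAccess: (_root, _args, ctx) => sign(requireMethod(ctx, "refresh").id, "access", 900),
  // Ordinary queries accept only an access token, so a refresh token cannot be used here.
  me: (_root, _args, ctx) => requireMethod(ctx, "access").id,
};
```
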

0 Answers