I'm working on a PWA developed with Next.js that has to read data from a Wordpress site and I'm pretty new to these technologies.
I have these Wordpress plugins installed:
- WPGraphQL
- WPGraphQL CORS
- WPGraphQL JWT Authentication
Specifically, the problem occurs in the initial "login form". This form requires entering only an alphanumeric ID (not a username/password). Upon submitting the form, a GraphQL query is run against the Wordpress endpoint using the ID in the "where" parameter of the query. Something like:
```javascript
const GET_USER = gql`
  query getTicket($ticketId: String) {
    tickets(where: {ticketId: $ticketId}) {
      nodes {
        Ticket {
          email
          firstName
          lastName
          ticketId
        }
      }
    }
  }
`;
```
There is no problem with publicly accessible data, everything works. On the other hand, if I have to request private data (e.g. user email), I need to run an authenticated/authorized query (Authorization: Bearer <token_here>).
I know that in WPGraphQL JWT Authentication there are 2 tokens:
- authToken: duration of 5 minutes and then you need to use the refreshToken to generate another one
- refreshToken: 1 year duration
Considering that I do not require the user to enter a username/password in order to perform a Login mutation that generates the tokens, what method can I use? Is there anything like a fixed token with no expiration (which would probably be a security flaw)?
Thanks
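As an added example (not part of the original question, and not code from the WPGraphQL projects), here is one server-side pattern that fits the token lifetimes described above: a small broker in a Next.js API route holds a long-lived refreshToken for a low-privilege WordPress service account, exchanges it for a 5-minute authToken on demand, caches that token until it is about to expire, and runs the ticket query itself. The browser only ever sends a ticketId, so neither token is exposed client-side and the client cannot run arbitrary GraphQL. The `refreshJwtAuthToken` mutation shape, the endpoint URL, the environment-variable source of the refresh token, and the fake endpoint used to run this offline are all assumptions made for the example. The ticketId still acts as the user's only credential in this design, so it needs to be unguessable and the route should be rate-limited.

```javascript
// Added example: a server-side token broker for a Next.js API route, so the WPGraphQL
// JWT refreshToken and the short-lived authToken never reach the browser.
// Assumptions: a low-privilege WordPress service account whose refreshToken is kept in an
// environment variable, and the plugin's `refreshJwtAuthToken` mutation shape shown below.

const AUTH_TOKEN_TTL_MS = 5 * 60 * 1000; // authToken lifetime given in the question
const REFRESH_SKEW_MS = 30 * 1000;       // renew slightly early so a request never carries an expired token

// The question's own query, with the fields the login form needs.
const GET_TICKET = `
  query getTicket($ticketId: String) {
    tickets(where: { ticketId: $ticketId }) {
      nodes { Ticket { email firstName lastName ticketId } }
    }
  }`;

// Assumed mutation of WPGraphQL JWT Authentication: exchange the long-lived refreshToken
// for a fresh 5-minute authToken.
const REFRESH_MUTATION = `
  mutation RefreshAuthToken($refreshToken: String!) {
    refreshJwtAuthToken(input: { jwtRefreshToken: $refreshToken }) { authToken }
  }`;

function createTokenBroker({ endpoint, refreshToken, fetchImpl = globalThis.fetch, now = Date.now }) {
  let cached = { authToken: null, expiresAt: 0 };

  async function graphql(query, variables, authToken) {
    const headers = { 'Content-Type': 'application/json' };
    if (authToken) headers.Authorization = `Bearer ${authToken}`;
    const res = await fetchImpl(endpoint, { method: 'POST', headers, body: JSON.stringify({ query, variables }) });
    const json = await res.json();
    if (json.errors) throw new Error(json.errors.map((e) => e.message).join('; '));
    return json.data;
  }

  // Reuse the cached authToken until it is about to expire, then refresh once.
  async function getAuthToken() {
    if (cached.authToken && now() < cached.expiresAt - REFRESH_SKEW_MS) return cached.authToken;
    const data = await graphql(REFRESH_MUTATION, { refreshToken }, null);
    cached = { authToken: data.refreshJwtAuthToken.authToken, expiresAt: now() + AUTH_TOKEN_TTL_MS };
    return cached.authToken;
  }

  // The browser only ever supplies a ticketId; the server decides which query runs with the token.
  async function getTicket(ticketId) {
    if (!/^[A-Za-z0-9]{4,64}$/.test(ticketId)) throw new Error('invalid ticketId');
    const data = await graphql(GET_TICKET, { ticketId }, await getAuthToken());
    return data.tickets.nodes;
  }

  return { getTicket, getAuthToken };
}

// Constructed stand-in for the WordPress endpoint so the example runs offline: it issues a new
// authToken per refresh and answers the ticket query only when a valid Bearer token is present.
function makeFakeEndpoint() {
  let issued = 0;
  const calls = { refresh: 0, query: 0 };
  const validTokens = new Set();
  const fetchImpl = async (_url, init) => {
    const body = JSON.parse(init.body);
    let payload;
    if (body.query.includes('refreshJwtAuthToken')) {
      calls.refresh += 1;
      const authToken = `auth-${++issued}`;
      validTokens.add(authToken);
      payload = { data: { refreshJwtAuthToken: { authToken } } };
    } else {
      calls.query += 1;
      const token = String(init.headers.Authorization || '').replace('Bearer ', '');
      payload = validTokens.has(token)
        ? { data: { tickets: { nodes: [{ Ticket: { ticketId: body.variables.ticketId, email: 'alice@example.com' } }] } } }
        : { errors: [{ message: 'Unauthorized' }] };
    }
    return { json: async () => payload };
  };
  return { fetchImpl, calls };
}

// Walk the broker through two lookups inside the 5-minute window and one after it.
async function demo() {
  let clock = 0;
  const fake = makeFakeEndpoint();
  const broker = createTokenBroker({
    endpoint: 'https://wp.example.test/graphql', // placeholder endpoint
    refreshToken: 'REFRESH_TOKEN_PLACEHOLDER',   // would come from process.env on a real server
    fetchImpl: fake.fetchImpl,
    now: () => clock,
  });
  await broker.getTicket('ABC123');
  await broker.getTicket('ABC123');                 // within TTL: cached authToken reused, no refresh
  clock = 6 * 60 * 1000;
  const nodes = await broker.getTicket('ABC123');   // past TTL: refreshed once more
  return { calls: fake.calls, nodes };              // calls -> { refresh: 2, query: 3 }
}
```

In a real deployment the Next.js API route (for example `pages/api/ticket.js`) would construct one broker from `process.env` at module load and call `broker.getTicket(req.body.ticketId)` on POST, returning only the nodes and a generic error message rather than upstream GraphQL error text. The fixed never-expiring token asked about in the question is unnecessary with this arrangement: the 1-year refreshToken stays on the server and can be revoked by changing the service account's credentials, while everything that leaves the server is the 5-minute authToken in a server-to-server request.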