jkettmann/relay-authentication

Extending to use the OAuth passport strategies

papigers opened this issue · 6 comments

Hi, first of all, thanks for this "starter kit".

I'm trying to extend the given authentication code to enable the users to also authenticate using OAuth via Facebook, Google, etc.
My problem is that OAuth involves callbacks: the result of the login is only accessible on the callback URL, and from there I somehow need to call a mutation which will update the rootValue.

I know that generally I can authenticate without a mutation, simply passing the user id to the GraphQL rootValue/context, but the right way should be with mutations since it enables me to notify the store to update the fields. Am I wrong?

Hey, thanks for your feedback. That's a good feature for further development I think.

As I understand it, you want to call, for example, the Facebook API to log in on the client, receive the token etc. in a callback and then save the result on the server, right? I would create a new Mutation for that or add fields to the existing LoginMutation.

And yes, you're right, by using a mutation the Relay store would get updated with the new user data.

I will try to add this when I find some time ;)

Exactly, the problem is, how to call the mutation from the callback? The callback route is defined and run on the server, and has no relation to the client's store.

Thanks for the quick response, btw.

Ah, I think you want to use the passport npm module, right? Sorry, I overlooked that. So in the end the workflow is a bit different from what I described above?

The user triggers the login on the client, then the server gets a request and uses passport to authenticate the user via Facebook etc. There you use the callback route, which gets called by the Facebook servers when the login procedure is done.

That's of course a bit tricky. The first thing that comes to my mind is subscriptions for real-time updates. But at the same time that seems to be a bit too much overhead and shouldn't be the purpose of subscriptions.

What about handling the login process on the client? Isn't there a workflow where you trigger the login on the client and receive a callback after login success? Then you could trigger the mutation in that callback. Sorry, I'm not that versed in third-party logins at the moment...

Yes, I intend to use passport, but generally speaking I think every OAuth implementation involves creating a callback route, to be called by the identity provider.

Anyway, your idea seems pretty good, I'll explore a bit more and update when I've got useful info. Thanks!

Ok, after some exploring, this is the best solution I have in mind:

Pass the express-graphql middleware the request as a rootValue/context. The request will either hold req.user if you use express-jwt, or req.cookies holding your user information.
Once this is done the GraphQL server will have the information required for identifying the user; what is left is to redirect to some custom route, from where the client will issue a blank mutation (no input is required), and the server will return the information of the authenticated client, so the client store would be updated.

I also guess this can be done with any authentication method, and saves the need from creating a mutation for each provider.
Something similar can probably also be done using session-based authentication instead of token-based.

Haven't tested it yet but I'll update once I have.
Thoughts?

Cool, sounds good. Let me know when you've tried it.