graphql/yoga-server/tutorial/advanced/01-authentication

[giscus[bot]]

graphql/yoga-server/tutorial/advanced/01-authentication

GraphQL Yoga Documentation

https://the-guild.dev/graphql/yoga-server/tutorial/advanced/01-authentication

[enri90]

I'm unable to save cookies containing a JWT token after a user has been authenticated using a mutation. I've tried using both HTTP and Express, but I can only seem to read cookies and not write them. I'm using Yoga GraphQL version 3, and my goal is to store the cookie in response to a valid login with a user's credentials.

[canastro]

I'm having the same issue. Were you able to fix it @enri90 ?

To provide a bit more context, I'm using sveltekit, graphql-yoga and pothos. I pass the event.cookies from sveltekit into the context and then use it to get/set cookies. Getting cookies is working as expected, setting cookies are not being reflected in the return response of graphQL.handleRequest

[si4dev]

In case your application needs to deliver also public pages without authentication then I would suggest not to perform the user lookup in the database within the createContext function.
Simply return the only the token in the authenticateUser() function to prevent the await for the database. And when needed in the resolver you can find the unique user.
This will prevent to find the user for every (public+authenticated) graphql request. Especially on public pages the performance is important.

[arthursimas1]

Totally Agree!

Further on, I would recommend using JWT access+refresh tokens, where the access token should have the necessary data to complete an authenticated request (e.g. the user id and its roles), enabling access control without the need to query database for every request