Authentication in Relay & GraphQL

Question

I\'ve been working on an application using react and relay, and now I\'m stuck on implementing authentication.

I know that you can pass value to each graphql request th

Answer 1

I think your best bet is to study some of the starter kit. Unfortunately almost none of these kits provide a complete JWT implementation - many of them seem to only have a half done one.

Check out:

• Relay Authentication. Your mileage may vary - it covers the whole concept but has some bugs.
• Universal Relay Boilerplate. That one is pretty amazing and complete but is a beast and can be a bit overwhelming to work from since it also includes iOS/Android app creation.
• Relay Starter Kit. At the time of writing it only has FB auth setup (so no regular login form that works) through it does set a JWT cookie. I believe that migrating all their login routes to GraphQL is on the roadmap as right now it's a bit of a hybrid.

As far as your jwt/passport question. They are not mutually exclusive. Passport can handle jwt auth though personally I dont use it and work directly with a jwt library. It's not very hard to do - you can see it in the server file of the Relay Starter Kit.

JWT tokens are usually passed around the headers however there has been a shift towards storing these tokens in HttpOnly cookies (see this article). The upside of that method is that you don't need to deal with passing the token around with Relay.