Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix auth token checks / db permissions #30

Open
koo5 opened this issue Mar 23, 2021 · 4 comments
Open

fix auth token checks / db permissions #30

koo5 opened this issue Mar 23, 2021 · 4 comments

Comments

@koo5
Copy link
Owner

koo5 commented Mar 23, 2021

No description provided.

@koo5 koo5 changed the title fix token checks fix auth token checks / db permissions Mar 23, 2021
@koo5
Copy link
Owner Author

koo5 commented Mar 23, 2021

  • need to make hasura recognize the jwt that our server signed
  • need to click on the right icons in hasura admin to allow some operations and disallow others, based on user id
  • check that our server checks the jwt that our server signed

@koo5
Copy link
Owner Author

koo5 commented Mar 27, 2021

so, the jwt method isnt possible with nhost, so, i'd probably wait for when nhost has a svelte api, and then use their autho

@koo5
Copy link
Owner Author

koo5 commented Apr 4, 2021

koo5
:
so here's my problem: i have a fairly nonstandard idea about how authentication should work in my app. Any browser that comes to the website, my js code make a call to my node backend, which generates a user id, signs a jwt with that id, and sends it back. The token is saved in browser localstorage. As long as the user doesn't delete it or something, they are in possession of it. If they use the site for some time, it nags them to authenticate with google/whatever. When they do, i save the association into the db, so that at a later time, when they authenticate again, my backend finds this association and signs a jwt again, effectively logging the original user in. When i used hasura.io and auth0, i could do this (it's not fully implemented but principially i think), because hasura.io lets me specify the pubkey that hasura would use to verify tokens - i'd set it to correspond to the privkey that my node backend has.
[
7:35 PM
]
koo5
:
so.. (sorry for the word salad), does this sound like a scenario that the nhost auth api could support?
[
7:35 PM
]
elitan
:
@koo5 Yea we support that out of the box
[
7:36 PM
]
elitan
:
Do you have any specific issue? What frontend framework do you use?
[
7:36 PM
]
elitan
:
You might be interested in: https://github.com/nhost/nhost/tree/main/examples
[
7:42 PM
]
koo5
:
@elitan oh, gotta admit, i haven't studied the examples. All of them do this, localstorage and everything? I use svelte.
[
8:00 PM
]
koo5
:
ok, i see nhostRefreshToken, so far so good
[
8:01 PM
]
koo5
:
i guess i'd have to call the registration endpoint with some dummy email/username/password though?
[
8:04 PM
]
elitan
:
Yes

@koo5
Copy link
Owner Author

koo5 commented Apr 23, 2021

POC /login done.
now if we could tell nhost to redirect to the original url rather than having to have a fixed one in settings
another option is i guess to spawn a second, dev, nhost project, for localhost testing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant