README.md Guidance on Use Case: Save User To Server After Registration #22

Closed
keepforever opened this issue Aug 18, 2019 · 3 comments

@keepforever

I was wondering if @Swizec, or anyone could offer any guidance as to how to persist a newly registered user on my server after "signup" via Auth0?

Before integrating useAuth, I had a login form that would collect name, email, password, aboutMe, etc., then hit my GraphQL server, create a user entry in my User table, and return a JWT for use in subsequent requests for editing properties in the user's model.

I'm not seeing a clear path forward on doing something similar with useAuth. Is this not a good use case for useAuth?

I think this would be a great addition to the examples folder if it is possible.

@puregarlic

@keepforever I think you're right, I don't think there's a direct way to perform this workflow with useAuth as it stands today. This is what I would do:

  1. Have the user sign up using useAuth.
  2. After signup, redirect them to a page where they complete their signup (write their aboutMe and enter any other user information you need that you can't just get from useAuth).
  3. Send the user information along with their Auth0 id_token (this is the issue, there's currently no way to access this token) to your GraphQL server.
  4. On the server, verify that the id_token was issued by Auth0 using your tenant's JWKS.
     • If the id_token is invalid, return an error to the client.
     • If the id_token is valid, then read the user's ID out of the token and then write to your User table.

Then, you can include the id_token in all of your requests. I'm making some tweaks to useAuth to expose the Auth0 id_token and access_token in order to make this workflow possible.

I'm rather new to auth in general, so I'm definitely not an expert. I'd appreciate it if someone else were to chime in as well.

@Swizec
Owner

Swizec commented Aug 20, 2019

Great question @keepforever. The basic idea behind Auth0 and other auth providers like it is that your server doesn't actually have user models. You're meant to leave that completely to the auth service.

However, you do sometimes need to authenticate users on the backend and do things in their name. Auth0 provides functionality to do that. I've used this guide in the past: https://auth0.com/docs/application-auth/legacy/server-side-web

You can see my code (before I had useAuth, but with Auth0) in this never-finished project: https://github.com/Swizec/threadcompiler.com

Other than that, I would do what @puregarlic recommends. I'm about to release a version that exposes the user's id_token to you :)

@Swizec
Owner

Swizec commented Aug 20, 2019

@keepforever @puregarlic just published version 0.4.0, which exposes the full authResult object, which contains your accessToken and idToken ✌️

https://github.com/Swizec/useAuth#users-access-tokens

@Swizec Swizec closed this as completed Aug 20, 2019