Auth token terminology #740
Comments
I'm not about temporary root tokens, because that could be misunderstood in the way that they're similar (in terms of how you can acquire and manage them) to permanent root tokens, which is not the case. The only similarity between them is that they grant access to all API operations; other than that, they're very different in the way developers will be working with them. Maybe we could call temporary root tokens Function tokens instead?! If we stick to the root token terminology, I'd also rather make a clear distinction between tmp and permanent and actually call them permanent root tokens instead of only root tokens.
I think I'd also prefer user token over node token, just because it's a bit more clear. I understand your reasoning that you can authenticate any type with such a token, but these will in 99% of cases be some type of users. It should be clear, however, that the name user token is not actually derived from a type that's called
It's
Please include this naming strategy in
The proposal as in the OP is accepted.
There are several types of authentication tokens used in the context of Graphcool. Here is a naming proposal:
System Token
A token being used to authenticate a developer against the System API (for deployments etc.) either from the Console or CLI. This token is not meant to be used manually by a developer. For convenience reasons, the system token also has the capabilities of a root token.
Root Token
Created statically via the graphcool.yml file when deployed and can be retrieved by running gc get-root-token my-token-key. This gives full read and write access to all client APIs.
Temporary Root Token
A temporary root token is instantiated before a function is called and automatically injected. A temporary root token is a root token that cannot be referenced outside this scope of the invoked function (e.g. via gc get-root-token) and expires after 5min (configurable via server.yml).
Node Token
A node token is for client-side authentication/authorization purposes (e.g. sign in with Facebook) and authenticates a specific data node of a certain type (for example a User node). A node token can be issued via the generateNodeToken(nodeId: string, typeName: string, payload?: ScalarObject) function in the graphcool-lib library.