-
Notifications
You must be signed in to change notification settings - Fork 867
Custom authentication providers #88
Custom authentication providers #88
Comments
I was thinking of doing this: On signup: On Login: On page loads (and any "logged in requests" really): Does anyone have any ideas on how secure this approach is? |
Oh idea! what I'll do is just create an endpoint on my server. This server will do the validation of the sessionkey, if it is good then it does a curl to graph.cool and returns the response. I can also have my server do any hashing/checking. The only problem is I pay 40$ a year for my server + domain + database of unlimited data. Graphql alone is $45 a month ($540/yr) or maybe $9/month ($108/yr). I needed a solution I could hand off to college income/spending kids. |
What we're rather thinking of is giving you a way to define the needed methods either in the form of microservices (AWS Lambda, Auth0 webtask, micro/now, Azure Functions) or by defining say JavaScript code right in the Console. That means little or no additional costs while you stay in control of authentication. So for example you would need to define these methods:
Your idea sounds flawed as a malicious client could simply bypass your server and curl Graphcool directly. |
Similar to #43, this can be further discussed here: https://www.graph.cool/forum/t/feedback-schema-extensions-beta/405. |
Offer a custom authentication provider that uses functions for signup/verification of tokens.
The text was updated successfully, but these errors were encountered: