
Added Code Hints to custom-session-jwt example Implementation #8936

Open
wants to merge 1 commit into
base: main
Conversation

ogheneovo12

After encountering a limitation with HTTP-only cookies and Safari, I decided to switch over to the JWT session strategy.
Followed the approach provided in the example code here: custom-session-jwt example.
The example had the token signed manually as shown below:

```ts
// Fragment of the custom-session-jwt example's keystone.ts; this sits inside the
// `db: { ... }` block of the Keystone config (the trailing `},` closes `db`).
    onConnect: async () => {
      // WARNING: remove this
      console.error(
        'Use any of the following tokens as your `user={token}` cookie for testing this session strategy',
        {
          Alice: await jwtSign({ id: 'clh9v6pcn0000sbhm9u0j6in0' }), // admin
          Bob: await jwtSign({ id: 'clh9v762w0002sbhmhhyc0340' }),
          Eve: await jwtSign({ id: 'clh9v7ahs0004sbhmpx30w85n' }),
        }
      )
    },
  },
```

Spent a whole day trying to figure out where to generate the token for the authenticateWithPassword mutation to work right.

Finally cracked it by delving into the statelessSessions implementation code. Turns out the sessionStrategy `start` method should return the signed token.

Suggest adding a hint in the example to save newcomers like me the trouble of digging deep.
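As an added example (not code from the Keystone repo or from this PR), here is a session strategy in the shape described above: `start` returns the signed token, which is what `authenticateWithPassword` hands back as `sessionToken`, and `get` reads it back from the `user=` cookie. The `jwtSign`/`jwtVerify` functions are minimal HS256 stand-ins built on `node:crypto` for the example's helpers, `Ctx` is a stand-in for KeystoneContext, and the `SESSION_SECRET` variable name is an assumption.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto'

// Assumption: in a real deployment the secret comes from the environment.
const SESSION_SECRET = process.env.SESSION_SECRET ?? 'constructed-example-secret-change-me'
const COOKIE_NAME = 'user'

const b64url = (s: string) => Buffer.from(s).toString('base64url')
const hmac = (input: string) => createHmac('sha256', SESSION_SECRET).update(input).digest('base64url')

// Stand-in for the example's jwtSign: HS256 over header.payload.
export function jwtSign(payload: Record<string, unknown>): string {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = b64url(JSON.stringify(payload))
  return `${header}.${body}.${hmac(`${header}.${body}`)}`
}

// Stand-in for jwtVerify: the header's `alg` is never trusted, the signature is
// always recomputed as HMAC-SHA256 and compared in constant time.
export function jwtVerify(token: string): Record<string, unknown> | undefined {
  const [header, body, sig] = token.split('.')
  if (!header || !body || !sig) return undefined
  const actual = Buffer.from(sig)
  const expected = Buffer.from(hmac(`${header}.${body}`))
  if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) return undefined
  try { return JSON.parse(Buffer.from(body, 'base64url').toString()) } catch { return undefined }
}

// Pulls the `user=` cookie value out of a raw Cookie header, as the example's `get` does.
export function tokenFromCookieHeader(cookie: string): string | undefined {
  const pair = cookie.split(';').map(c => c.trim()).find(c => c.startsWith(`${COOKIE_NAME}=`))
  return pair?.slice(COOKIE_NAME.length + 1)
}

type Ctx = { req?: { headers: { cookie?: string } } } // stand-in for KeystoneContext

export const jwtSessionStrategy = {
  async get({ context }: { context: Ctx }) {
    const token = tokenFromCookieHeader(context.req?.headers.cookie ?? '')
    return token ? jwtVerify(token) : undefined
  },
  // The value returned here is what authenticateWithPassword returns as `sessionToken`;
  // returning nothing (as the original example did) leaves the client with no token.
  async start({ data }: { context: Ctx; data: { id: string } }) {
    return jwtSign({ id: data.id })
  },
  async end() {},
}
```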


This pull request is automatically built and testable in CodeSandbox.
Latest deployment of this branch, based on commit 0b2a817:

@dcousens dcousens self-requested a review November 28, 2023 22:57
@dcousens dcousens self-assigned this Nov 28, 2023
@dcousens
Member

I guess it depends on how you want this to work.
A common approach isn't to jwtSign on the Keystone 6 server at all, but maybe that isn't helpful to newcomers.

@ogheneovo12
Author

Are there any specific reasons why jwtSign shouldn't be used on the k-6 server, and aside from sessions, what other authentication strategies would you recommend/suggest?

@dcousens
Member

dcousens commented Feb 12, 2024

I can't really recommend anything, as these decisions are highly specific to how you are using Keystone 6 and your infrastructure architecture.

I understand your problem though, and I think adding jwtSign to the example could be helpful to newcomers. Maybe we need to add @keystone-6/auth too, as otherwise start and end are unused anyway.
