klionthree.blogg.se - Graphql as a universal database abstraction

#Graphql as a universal database abstraction code#

If you want to get rid of the flickering, we have to load the user on the server side so that you can apply server-side rendering. Now that you understand the mechanics behind the token handler pattern, let's have a look at how we can remove the flickering on the first page load. Once complete, refresh the page, and you'll see the flickering effect. You can click the login button to start the login flow. If you look at Chrome DevTools and open the preview of the page, you'll notice that the page is rendered with the user object set to null. If you open the demo and head over to the client-side-user page, you'll notice that there's a flickering effect after the page is loaded, that's because the fetchUser call is happening on the client. If we're wrapping this "fetchUser" call into a useEffect hook which we place at the root our each page, we'll always know what the current user is. Once this is done, you're able to initiate the authentication flow from the frontend, fetch the current user from the backend, and logout. First, you have to tell the backend what Identity providers to work with so that it can act as a Reyling Party. If the user clicks logout, we'll call a function on the backend that will invalidate the cookie.Īll this might be a lot to digest, so let's summarize the essential bits.

This way, the frontend always has access to the user's information while logged in.

with the cookie set, the user is redirected back to the frontendįrom now on, when the client calls the fetchUser method, it will automatically send the cookie to the backend.

the access and identity token are used to set a secure, encrypted, http only cookie on the client.

#Graphql as a universal database abstraction code#

the backend then exchanges the authorization code for an access and identity token.

if the authentication is successful, the identity provider redirects the user back to the backend.

the user authenticates at the identity provider.

the backend redirects the user to the identity provider.

the frontend redirects the user to the backend (relying party).

How does the authentication flow look like from the users' perspective? This way, our backend can provide a seamless authentication experience, while developers can choose between different identity providers, like Keycloak, Auth0, Okta, Ping Identity, etc. As we're speaking in the context of OpenID Connect, our "backend" is compatible with any service that implements the OpenID Connect protocol. What's a Relying Party you might ask? It's an application with an OpenID Connect client that outsources the authentication to a third party. That's because our "backend" is acting as an OpenID Connect Relying Party. While very secure, it also allows us to stay agnostic to the identity provider.īy applying the token handler pattern, we can easily switch between different identity providers. The token handler pattern is the most secure way to handle authentication in modern JavaScript applications.

The pattern that we're using behind the scenes to make authentication that simple is called the "Token Handler Pattern". If you're using HTTP/2, it's also possible for client and server to apply header compression, which means that the cookie doesn't have to be sent in every request as both client and server can negotiate a map of known header key value pairs on the connection level. We're implicitly send the secure, encrypted, http only cookie that was set by the server, which our client has no access to.įor those who don't know, http only cookies are automatically attached to each request if you're on the same domain. You'll notice that we're not sending any client credentials, token, or anything else.