GraphQL - Best way of passing credentials
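If I have a GraphQL query/mutation that needs login information passed to it, how should I do it? Should I pass it in the query itself, or pass it in the request headers? For example: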
    doSomethingThatRequiresLogin(
      login: {
        username: "some username",
        password: "c29tZSBwYXNzd29yZA=="
      }, # should login be passed here or just put into the headers?
      data: {
        a: "b"
      }
    )
Login credentials should be placed in the arguments, like this:
    mutation Login($password: String!, $username: String!) { # put credentials here
      login(password: $password, username: $username) {
        # below are the fields you want to return after user login
        user {
          username # returning the username is generally a common practice
          token # just like what we usually do in a REST API
        } # return the things the client mutated/updated
        errors {
          ...
          # alternatively return an optional errors field
          # when things go south
        }
      }
    }
In your GraphQL server, you can access the credentials through args:
    async function login(parent, args, context, info) {
      const { username, password } = args; // we get the credentials here
      // ... your password hashing and db stuff (which produces token and user)
      return {
        token,
        user
      };
    }
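An added example, not part of the original question or answer: credentials go in as arguments only to the login mutation, and every later operation carries the returned token in the Authorization header, which is turned into context once per request. The user store, the session store, buildContext and the Bearer token format are assumptions made for illustration, and the stored password is a constructed sample.

```javascript
const crypto = require('crypto');

// Constructed sample user store: a salt plus an scrypt hash, never the plaintext password.
const salt = crypto.randomBytes(16);
const users = new Map([
  ['alice', { username: 'alice', salt, hash: crypto.scryptSync('correct horse', salt, 32) }],
]);
const sessions = new Map(); // token -> username (hypothetical in-memory session store)

// Resolver for the login mutation: credentials arrive in args (sent as variables).
function login(parent, args, context, info) {
  const { username, password } = args;
  const user = users.get(username);
  // Hash even for unknown users so response time does not reveal which names exist.
  const candidate = crypto.scryptSync(password, user ? user.salt : salt, 32);
  const ok = user !== undefined && crypto.timingSafeEqual(candidate, user.hash);
  if (!ok) return { token: null, user: null, errors: [{ message: 'Invalid credentials' }] };
  const token = crypto.randomBytes(32).toString('hex'); // opaque, unguessable session token
  sessions.set(token, username);
  return { token, user: { username }, errors: [] };
}

// Runs once per request: maps the Authorization header to context.user.
function buildContext(headers) {
  const match = /^Bearer ([0-9a-f]{64})$/.exec(headers.authorization || '');
  const username = match ? sessions.get(match[1]) : undefined;
  return { user: username ? { username } : null };
}

// The operation from the question: no login argument, it relies only on context.
function doSomethingThatRequiresLogin(parent, args, context, info) {
  if (!context.user) throw new Error('Not authenticated');
  return { by: context.user.username, data: args.data };
}
```

Sending the password as a GraphQL variable rather than as a literal inside the query keeps it out of logged or persisted query strings.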