Prisma

I want to use the google api after they logged in with a google account

<@U5G5P9Z1B> :wave: going great, what about you?

Hi

Following Ray Wenderlich tutorial on iOS and graph.cool

Ran the following and didn’t seem to generate a schema - use the simple api endpoint from schema. 

apollo-codegen download-schema <https://api.graph.cool/simple/v1/cj3lz0rax54pw0108e3z7nrv7>  --output schema.json

Also is their maybe an option for a swift iOS project to download for the project?

I feel like my hands are tied everywhere I need them when deeling with users server-side. I can't get a JWT for a user and I can't get the user's plain-text password; I also can't update their email address or their password... I'm hoping these issues can be addressed, loving everything so far just need some more freedom

<@U5FTM4GQL> its comming you can see it on <https://github.com/graphcool/feature-requests/issues/39>

and you can get user on serverside :slightly_smiling_face: if you are using next for example and session

This sounds awesome, just not sure what next is. And do you mean a temporary session?

<https://github.com/zeit/next.js/pull/1141> here is pull request for session and auth you can add graphcool to it and you will be fine :slightly_smiling_face:

was albe to create the schema.json - need to be in correct directory

<@U5PNRG7HT> ah that's a great point :+1: 

Pasted image at 2017_06_07 01_31.png

Seems Github is unable to handle all our feature requests :slightly_smiling_face:

In Xcode in the .graphql file saying “func” ( my function) is a syntax error
 
 <http://dev.apollodata.com/ios/installation.html#installing-xcode-add-ons>
Followed above in Ray Wenderlich tutorial to get syntax highlighting, but guess it still does not understand .graphql extension ( and am not getting syntax highlighting)

Question: Can I retrieve effective permissions for the current user for a Type?

For example: when I query a list of Contacts, I would like to include in my query result if the current user has permission to create, so I know if the 'add' button in my frontend should be enabled/disabled

<@U5P82S230> that's only possible if that information is also stored in your data. How is your permission setup in that regard, who can create contacts in general?

So there's no way to retrieve 'effective permissions' for a User on a Type based on the permission queries you have set up for that Type. The logic can be quite complex, and I don't feel like recreating that logic on the client.

other than executing the respective operation, there's not a direct way for that, no

That's a great idea though, could you please create a new feature request? <https://github.com/graphcool/feature-requests>

I will. A simple example: I have a permission query setup that does not allow editing a Post if it has Comments. The permission query is easy enough, but enabling/disabling the edit button for a Post based on these rules would require duplicating that logic on the client. The server should be 'in charge' of business logic, so that would mean setting up a webtask for it. Being able to get the result of the permission query { permissions: { update: false } } in the initial query would be great.

I'll think about how to capture this in a feature request...

<@U5P82S230> thinking more about this, the permission system is extremely flexible, so you can't just ask if a user is able to update a node; you would need to ask if a user is able to execute a very specific mutation, right? because with the permission query system, you can allow/disallow a mutation based on the value of a certain field, or exclude/include fields for that permission

I think this needs more thought, I can imagine, for forms editing purposes, that it should be nice to do a tryCreate or tryUpdate, that actually goes through the permission queries, without persisting. This could be triggered in the onEdit event of a form field for example, and act almost like a validation system (actually, tryCreate/Update could call both permission queries and transform_argument event handlers).

For checking if you are allowed to create a new item, without actually creating the item, you are right that you can't run any permission queries that depend on the field values of the instance you're trying to create.

Maybe you can make a distinction between instance-dependant permission queries (result depends on field values of the instance itself) and non-instance-specific permission queries. The latter can be run before you know the actual instance.

This is something that needs some careful thought. I'll try to come up with a viable solution in my feature request, but there's a good chance I'll leave some open ends for you guys to figure out :slightly_smiling_face:

I tried my best: <https://github.com/graphcool/feature-requests/issues/231>. Good luck :slightly_smiling_face:

fixed my error needed to use the auto generated swift file from the .graphql file

Question regarding integration with auth0

`query user` returns correct answer when I sign my jwt with HS256, but not when I sign with RS256

But it seems that auth0-js now returns JWT token RS256 instead of HS256

<https://auth0.com/forum/t/auth0-returning-jwt-token-rs256-token-instead-hs256/5408>

I have no questions, just spreading some love in this good place :heart_eyes:

Where is the announcements channel by the way? ;-)

<@U50GAPCFR> there is none :open_mouth: we usually share big announcements in this channel. We also have a blog: <https://www.graph.cool/blog/> and a changelog: <https://www.graph.cool/docs/faq/graphcool-changelog-chiooo0ahn/>

Oh boy, I'm sorry I made you write all this, yes I'm aware of it, it was just a teaser to announce something lol 

no need to be sorry! there's enough things to be announced when the time is right haha

Doing a simple user query with Apollo where Bearer token is added, the query fails with Network error: Server response was missing for query 'undefined'. If I remove the Bearer token, the query succeeds but returns user:null. Any clues?

<@U4VU4K1ND> what is the raw HTTP response for the former query?

ah. It looks like you are part of the regions beta, is that correct?

can you pm me your project id? :slightly_smiling_face:

btw the token is from Auth0 and verifies at <http://jwt.io|jwt.io>

Is there a way to make auth0 integration to accept RS256 signed JWT token?

<@U5EGWLP2Q> we're working on that already - currently we only support `HS256` though. You can subscribe to this feature request to stay notified: <https://github.com/graphcool/feature-requests/issues/145>

for now you could downgrade to version 7 where `HS256` is still available

yes, for auth0-js I’ve downgraded to version 7

From my nativescript app, i use the auth0 authorization API directly

I’ll see if I can use auth0.js for my NativeScript

auth0-js for some reason need access to tty which nativescript obviously doesn’t provide

Going to try creating id_token from access_token

```
const rs = require('jsrsasign');
const rsu = require('jsrsasign-util');
const JWS = rs.jws.JWS;

const clientSecret = 'xxxxxxx';
const clientId = 'xxxxxxxx';
const domain = '<http://xxx.auth0.com|xxx.auth0.com>';
const userid = 'facebook|3498sdfasd5345';

const header = {
  typ: 'JWT'
};

const payload = {
  email_verified: true,
  sub: userid,
  iss: `https://${domain}/`,
  aud: clientId,
  exp: 1496879127,
  iat: 1496879127
};

const sJWS = JWS.sign('HS256', JSON.stringify(header), JSON.stringify(payload), clientSecret);

console.log(sJWS);
```

add `Authorization: Bearer ${sJWS}` to the header

awesome, do you think you could write up a quick FAQ article about this in our docs? <https://github.com/graphcool/content>

would be super cool! it can be a simple markdown file and I take care of the frontmatter stuff :stuck_out_tongue:

<@U0RQY0KK5> I’ve added a pull request to dev branch

that's awesome I'll have a look in the evening :pray:

hi <@U0RQY0KK5> i am experiencing a bug to do with a deleted field

I have a Customer type with a loginToken field which I have deleted. Now when I run the createCustomer mutation, I get an error saying `"Query does not pass validation. Violations:\n\nCannot query field 'loginToken' on type 'Customer'. Did you mean 'xxxx'?`

It seems like the old field is being cached somehow, thus affecting mutations. Query works fine

Hey <@U59R4DB42> :slightly_smiling_face: it looks like you have a SSS defined on the type `Customer` that still includes the `loginToken` field, is that correct?

you are absolutely correct <@U0RQY0KK5> !