https://graphcool.slack.com/archives/general/p1467147901000060 +1

Hooray, love slack. @schickling, I'd love an invite to mess around with graph.cool, I have a couple of application ideas that I'd love to play around with 🙂

Hi @lajlev + @bslinger! Sorry to keep you waiting. We’re working on some very exciting new features which we want to finalise before we onboard new users to our early access. I hope you can bare with me for another 1-2 weeks? 🙂

@schickling: No problems - I’ll be evaluating a number of different options for a GraphQL backend, but won’t be getting into any serious development for a little while so will wait to see what your next release offers!

ive done a short formation about graphql and presented graph cool and it has impressed my collegue

keep that great works 😉

Awesome! Thanks so much for your great feedback @tychota! We’ll soon reach out and present our new features! 🙂

I think beginners in gql fear authentication and permission stuff (i did also feared a while ago) and graph.cool make it works out of the box. That is so good.

It’ll become even easier soon! 🙂

can't wait

What is the best practice to obtain an authorization token for lokka

Is the token different everytime?

And how long is the token valid?

In the docs for “security” it says that we need to add the token as a header to lokka. But don’t we need lokka already just to get the token?

Hi @rene! Please use the

signinUser(email: String!password: String!)

to obtain a token. This is a JWT(oken) which is supposed to be provided via the

Authorization

header and needs to be prefixed by "Bearer"

The header would for example look like this

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiJjaW9xOTVvZWMwMmtqMDFvMG9uam9wcGY5IiwiaWF0IjoxNDY0NDY4NzE4fQ.l-X5GwS-eRovpyOcgSix27nci1wgHl7aOKGOe0yD5d0

And yes, the token will change everytime.

A token expires after 30days from last usage.

@schickling: Ah thanks 🙂

One more question though

what rights to i need to for “signinUser"

which of the fields needs which permission?

i.e. do I have to allow READ access for password or email to being able to call it?

Hi Rene 🙂 You don’t need to enable any permissions on the user to use the signin mutation. After you sign in though the user will only have access to the fields that explicitly grants permission. That would typically be with an

Authenticated

or

Guest

permission

Hi sorenbs 🙂 Thanks for clarifying

I am trying to wrap my head around your webhook system, and it doesn’t seem very flexible. I am used to creating a hook like afterCreate, User type, send http call with parameters, and get a response back. I don’t quite understand your system. The only thing I see is the ability to enter one URL for the entire project, and I can’t specify when, the type, or the data that needs to be sent. Am I missing something?

did you check the docs (http://docs.graph.cool/docs/webhooks/) on that matter? however, we are preparing major changes for the webhook system to indeed increase flexibility and user experience.

Yea, I read the docs, but I don’t think I am understanding them correctly

right now though, you will get POST requests for

NODE_CREATED

,

NODE_UPDATED

,

NODE_DELETED

and more

to the URL you enter in your project settings