how bad of an idea is it to swap the RS256 token r...
# prisma-whats-newm
Miezan
10/14/2017, 1:21 AMhow bad of an idea is it to swap the RS256 token received from auth0 for a custom hs256 token to be used in authentication and authorization? ( I’ve tried many example of validating RS256 token using functions to no avail)
a
agartha
10/14/2017, 2:49 AMI am using an Auth0 rule to do so, so I don't need anything on the Graphcool side: https://github.com/graphcool/templates/pull/77
m
Miezan
10/14/2017, 2:19 PMI like this approach! would this still work if i’m using a SPA/React ? ( that option seems to turn off Token Endpoint Authentication Method - Post)
a
agartha
10/14/2017, 2:21 PMI wouldn't know why not. Where is it turned off?
m
Miezan
10/14/2017, 3:16 PMin Auth0 - Token Endpoint Authentication Method is set to None and grayed out
Miezan
10/14/2017, 3:39 PMdoes auth0 Rule editor supports es6? I see a bunch errors when pasting the auth0-rule.js
a
agartha
10/14/2017, 4:19 PMYes, the errors are safe to ignore. The runtime is better than the editor 🙂
m
Miezan
10/14/2017, 4:21 PMtrying the rule in the editor returns ERROR: Cannot read property ‘GRAPHCOOL_PAT1’ of undefined - ( i did had all the clientMetadata correctly)
a
agartha
10/14/2017, 4:22 PMYes, clientMetadata is not available in the editor, because it is specific to the client you are using
agartha
10/14/2017, 4:22 PMIt's not part of the test context
agartha
10/14/2017, 4:23 PMJust try the Auth0 authentication from an actual client, and paste the returned token on jwt.io. You will see that it contains an additional claim with the Graphcool token.
m
Miezan
10/14/2017, 4:54 PMthe client is returning - Cannot read property ‘User’ of undefined
a
agartha
10/14/2017, 4:56 PMIt seems it's not picking up on the clientMetadata then. Can you share exactly where you added the meta keys?
m
Miezan
10/14/2017, 4:58 PMAuth0 > Advanced Settings > Application Metadata
a
agartha
10/14/2017, 5:31 PMAnd you're sure that's the app you're using?
m
Miezan
10/14/2017, 6:00 PMeverything seems to be correctly set on the auth0 side, do i need to add the domain/ client/secret key in the graphcool project setting?
a
agartha
10/14/2017, 6:02 PMNo, you need to have the built-in Auth0 integration disabled for this
agartha
10/14/2017, 6:03 PMDid you add the three parts of the PAT without the dots?
m
Miezan
10/14/2017, 6:05 PMyes i have the PAT without the dots
Miezan
10/14/2017, 6:05 PMthe auth0 integration might be enable in a project let me check that
👍🏻 1
Miezan
10/14/2017, 6:13 PMok i ll clone ur repo and go from scratch with my graphcool instance and see if i can get that working first
a
agartha
10/14/2017, 6:14 PMOk. I've heard from previous users of my example that it worked for them. So unless Auth0 changed something again, it should work.
👍 1
m
Miezan
10/14/2017, 6:17 PMa
agartha
10/14/2017, 6:20 PMYou can only clone the entire functions repo, not just that folder.
agartha
10/14/2017, 6:20 PMBy the way, did you apply the schema change to your project?
agartha
10/14/2017, 6:21 PMFrom the .graphql file. Because the error you are getting on User seems to indicate that the query fails. So I suspect the auth0UserId field to be either missing, or not marked as unique
m
Miezan
10/14/2017, 6:25 PMi see the PR but i can’t seem to find a way to navigate to the PR files after cloning the templates folder
Miezan
10/14/2017, 6:26 PMim sure i had done it but i wil reapply that schema from the playground
Miezan
10/14/2017, 6:33 PMha found the repo - it was in a branch 😆
Miezan
10/14/2017, 6:44 PMalright i give up for today, will get back to it later tonight, thanks for your help
Miezan
10/14/2017, 10:32 PMnuked everything and restarted … IT WORKS!! Thank you very much !
🎉 1
a
agartha
10/14/2017, 11:33 PMGreat to hear! Sometimes it's nearly impossible to backtrack, and restarting over is the only option. I'm glad it works now
👍 1
✅ 1
3 Views