Hey guys, I'm trying to wrap my head around something in regards to GraphQL. Specifically, how can I make sure that a users email has been confirmed when I'm not using Auth0? Serviceside subscriptions are async, so too late. The request pipeline doesn't allow me to do something with read requests and the email-password auth integration is not modifiable...

@busk I would not use createUser for initial registration, use a different Type for that, do your async confirmation email sending, and only then (after the confirmation is received) create the actual user.

That's a great idea, thank you very much @agartha

In the transform_argument hook of your registration Type, you could query the User type, or you make email unique in your registration type as well. If all users go through that flow, then all emails are in that Type as well...

Great, thanks a lot for all of this input. There's still quite a bit I need to wrap my head around ^^

If you create a read permission for everyone on just the email field, you can also query it client side before even submitting

But that would mean I would publicly expose the emails of all user accounts... right?

Hmmm... Best to do that server-side then on second thought

little to add graphcool right now working on https://github.com/graphcool/feature-requests/issues/39

Well no, it says "Right now we will simply extend the updateUser mutation as described. We will not yet build the 5 features described in the original issue."

we will for sure get rid of the current limitations that restrict updating the password or email of a user 🙂 this allows developers to build their own workflow for email verification. at some point we will probably take what we learned from this and offer a more out-of-the-box experience.

@busk I guess that means you still need the described pattern...

Okay, thanks. I already found that github suggestion before and drew the same concerns 🙂

Someone should probably document that pattern, because it's a very common use case...