Comments (52)
Hey everyone - we have started working on this :-)
from prisma1.
Hey @michaelpumo and everyone else π
We are currently running a closed beta for custom authentication that allows you to implement your own authentication logic. Examples for Google, Auth0 & more, but also Email/PW are available.
You can also use this to integrate with Twitter, AWS Cognito or Firebase Auth and other authentication solutions.
This feature also allows you to build your own workflows around forgot password/verify email for example. If you're interested in participating in the beta program, please reach out to me in Slack π
from prisma1.
Thanks for staying on top of this everyone and sorry for the inconvenience here! π
Amongst other exciting features, we recently pushed out multiple new data regions (see #61) which took longer than expected. We've been preparing a general approach to keep up with the feature requests surrounding authentication (including the features mentioned in this thread) and are now ready to fully commit on implementing it π
I hope you can hold out a little longer. Thanks for your patience! π
from prisma1.
Hi. I'm just wondering if I could get a rough estimate on when we will be able to update a users password.
from prisma1.
This feature would be the most critical for my business: currently, users who have registered and have misplaced their passwords have to manually reach out to me, I delete their account, then they have to create a new account (and thus loose data currently associated with their account).
from prisma1.
Hey @lastmjs, we'll discontinue the email password auth provider and all other integrations sooner rather than later.
An improve CLI version is currently being tested in early beta, where
we are testing a simple module concept amongst other things.
Modules come with a slightly worse "out-of-the-box" experience than auth providers, but instead of zero control previously, developers now have full control over functionality, the interface, evolving the code etc.
We're currently compiling a set of ready-made modules, one of which is the email-password
module: https://github.com/graphcool/modules/tree/master/authentication/email-password
Everyone in the community is invited to participate in the discussion for existing modules and to make suggestions for new ones. Apart from that, you are free to create your own modules to improve modularity and reusability in a Graphcool project.
Please reach out to me in a PM in the Forum if you're interested to participate in the beta now. We'll announce more information about the new CLI and which changes it brings soon.
from prisma1.
More biz logic:
Reset link expires after a short period of time
Reset link is single use only
from prisma1.
@sorenbs the most helpful feature would be a reset-password
function which sends out an email with a token (valid for 12h) where a user clicks on it and can specify a new password. I simply don't like the idea of sending plain passwords through email around, it feels old-school and unprofessional and kind of unsecure as well.
The reset password updateUser
mutation is great, but how can I validate that this user has the right to do so if he is not logged in?
from prisma1.
progress tracker?
from prisma1.
Another nice feature would be to have a refreshToken of some sort. It sounds like the current token expires in 30 days.
In my case I would want the token to be refreshed for another 30 days automatically from my app every time the user opens the app - without requiring them to input username and password again.
I could store username and password on the client side - but would like to avoid that if possible.
from prisma1.
That's not released yet, I'll write an update here when it's avaialbel π
from prisma1.
I don't think a verification e-mail will be part of this, since you can already built that on top of Graphcool.
We have a function using the Server Side Subscription:
subscription {
User(filter: {
mutation_in: [CREATED]
}) {
updatedFields
node {
id
email
}
}
}
Function (pseudo-code for brevity):
module.exports = event => {
const id = event.data.User.node.id
const email = event.data.User.node.email
const secret = getRandomSecret()
return storeSecretOnGraphcool(id, secret).then(() => sendVerificationEmail(email, secret))
}
Using a permanent access token for storing and Mandrill for sending the email. Make sure you set your permissions so that a user can't read or write his own secret.
For the actual verification our mutation looks like this:
mutation ($id: ID!, $secret: String!) {
updateUser(id: $id, secret: $secret, isVerified: true) {
id
isVerified
}
}
And the permission (for isVerified
and secret
fields, name your fields differently if you want to support anonymous authentication) to make sure the secret is correct:
query ($node_id: ID!, $user_id: ID!, $input_secret: String!) {
SomeUserExists(filter: {
AND: [
{
id: $node_id
},
{
id: $user_id,
secret: $input_secret,
isVerified: false
},
{
secret_not: null
}
]
})
}
Hope this helps!
A forgot password reset link can probably also be built on top of Graphcool as long as email and password are mutable.
from prisma1.
Resolver functions offer new workflows for custom authentication, that allow you to add most features mentioned in the OP. You can find example templates in this repository: https://github.com/graphcool/templates
Therefore, I'm closing this issue π Thanks a lot for all your feedback on this!
from prisma1.
I'm looking for this feature too, exactly this 4 steps are missing. Beside that: if connected to different Oauth services like Facebook, Twitter a merging into the same User might be nice
from prisma1.
With the new updateUser
mutation you have the ability to build your own infrastructure around this use case, including generating the token as you described. And on the other hand, it's the first step in offering more elaborate workflows as described in this issue π
from prisma1.
Looks good, thanks!
from prisma1.
Thanks for the feedback! We're currently working on integrating email/passwords in the updateUser
mutation. Using the mutation and the permission system, you can then build an elaborate email/password workflow using microservices.
from prisma1.
Just sent you a PM in the forum, @johhansantana π
from prisma1.
I'm also still waiting the reset password function. Please give some update about this..
from prisma1.
Definitely looking forward to this feature. If you guys need to take any inspiration or pointers, then I think the Firebase team do a really great set of authentication tools:
https://firebase.google.com/docs/auth/web/start
In addition to all your development, it would also be great to be able to modify any system emails to our liking. Perhaps an area in the console that we can edit email templates?
I think a solid authentication system is the foundation to using graph.cool in production. At the moment the lack of flexibility on authentication is the only thing holding me back right now.
Thanks for all your work ππΌ
from prisma1.
Am I correct when saying functions run with admin privileges automatically? The template said to create a PAT for each function but this wasn't needed. This is fine and actually probably more in line with expectations.
We'll clarify the mechanism for this going forward here: #219.
A way to get current logged in user would be nice though!
This is again up for discussion (same feature request as above), but here's a way how to currently do this: https://github.com/graphcool/modules/blob/master/authentication/email-password/src/loggedInUser.js
from prisma1.
Thanks @mypark. That input is super helpful. Keep us posted with more thoughts. We'll reach out with an API proposal soon.
from prisma1.
We will extend the updateUser mutation like this:
mutation {
updateUser(id: "existing-id", email: "optional new email", password: "optional new password")
}
You will be able to use the permission system to specify for example that only the user, only an admin or no-one should be able to update auth values.
We will store the new password securely, but not validate the new email
from prisma1.
@marktani looking forward for this feature!
from prisma1.
I'm curious about an update on the updateUser mutation as well - the updateUser mutation would be useful as the auth0 implementation has been causing me some grief and I'd prefer not to use the auth0 integration if possible.
from prisma1.
@sorenbs Thanks for prioritizing. Hope you guys can push it soon, I bet reset password and verification link features delay a good number of developers from going into production.
from prisma1.
Waiting and looking forward to this feature, would be nice to have this feature in my final production release. Thanks, graph.cool team, your work is awesome, extremely good!
from prisma1.
@lastmjs My understanding is that @marktani was referring to the preconfigured authentication providers (you can set them in the console by going into the User
type and clicking in the top-right corner) when he said they were migrating away from themβnot the custom email authentication processes, as mentioned here.
(just making sure I correctly understood what you said).
If it helps to know, I used to use the Email Auth Provider and recently migrated to the custom authentication system, because users werenβt able to reset their passwords or change their email addresses using the Email Auth Provider setting. Let me know if youβd like assistance with migrating.
from prisma1.
@kbrandwijk I really can't find it π
here's a screenshot
from prisma1.
I've been playing around with this and it really works nicely, good job!
Am I correct when saying functions run with admin privileges automatically? The template said to create a PAT for each function but this wasn't needed. This is fine and actually probably more in line with expectations.
A way to get current logged in user would be nice though!
from prisma1.
I would like to 1up this. Especially having no way to reset the password is painful.
Further, I'd like to remember that special use cases (expiration, single use of x-links, validation of password format, validation of username, validation of e-mail and so on) can be easily implemented as soon as #58 is in place.
from prisma1.
Hi @sorenbs it would be helpful for us developer to get a token for double-optin email auth. Any plans to include this?
from prisma1.
Hi @dohomi !
Right now we will simply extend the updateUser mutation as described. We will not yet build the 5 features described in the original issue.
would your use case be solved by the 5 features in the original issue?
from prisma1.
@sorenbs did you publish the updateUser
mutation already with the described changes? Inside of the playground the autocompletion doesn't show password
neither email
yet.
from prisma1.
still no update?
from prisma1.
I hope this feature will be implement before my production release. Thanks graph.cool team!
from prisma1.
With
mutation {
updateUser(id: "existing id", password: "new password")
}
Is it possible to require sending the old password for verification?
Related - for any field, is it possible to send both old and new values so we can use them in permission queries?
For example for my email verification flow I want to set isVerified
to true
and some secret
to null
, but only if the secret was known in the first place. I can probably solve this with two mutations but that won't always be the case.
from prisma1.
same here ... waiting for this feature
from prisma1.
I hope this includes "change password" mutation.
from prisma1.
any update on this? hard to go to production (and hence, pay money to graphcool) without password reset...
from prisma1.
Hold on, @tsdexter, it should be done soon... @marktani said itβs their top priority.
from prisma1.
@sorenbs any idea of when this will be ready? π
from prisma1.
Subscribing, also, any updates?
from prisma1.
Did you have a look at the Email/PW example? While it's still in beta, it's in a solid state. The examples in the repo show how the possibilities with custom authentication resolvers.
from prisma1.
Does this mean we have to make our own custom authentication provider to be able to update passwords? Is the updateUser mutation still being worked on to allow for updating the password with the graph.cool email provider?
from prisma1.
Does this mean we have to make our own custom authentication provider to be able to update passwords?
Yes, that's correct. We'll slowly transition away from the authentication providers in their current form towards custom authentication. A relevant discussion in the forum can be found here: https://www.graph.cool/forum/t/a-question-concerning-the-future-of-the-authentication-features/494
from prisma1.
Okay, so eventually there will be no email provider from graph.cool?
from prisma1.
I'm just wondering if it will be completed obsoleted and removed. If that's the case, I know I should probably just move to custom authentication sooner rather than later.
from prisma1.
Hi @marktani I can't seem to find the private message button in the forums :( I would like to participate in the beta as well.
from prisma1.
@johhansantana Click the 'message' button on this page: https://www.graph.cool/forum/u/nilan/ π
from prisma1.
If user has two merged providers (email/password and facebook) and user resets password then in result user would have only one provider (email/password) with new password. Facebook provider will be deleted from user's providers. But I need only to reset user's password.
How can I do it?
from prisma1.
Please ask your question in the Forum instead: https://graph.cool/forum/c/questions.
from prisma1.
Related Issues (20)
- Self-relation column order? HOT 1
- Prisma1 with Apple M1 HOT 7
- Mutations with disconnect=true on an relation that is not connected to anything fails with an error HOT 1
- Circular dependency while mocking the Prisma client using both approach singelton and context
- host.docker.internal not working on prismagraphql/prisma:1.34 on docker-compose (1.29.2) docker 20.10.9 CentOS 8.4.2105 HOT 1
- Intermittent P1001 - "Can't reach database server..." HOT 1
- `updatedAt` field not changing after running a connect operation via the update mutation HOT 1
- Prisma 1.34 documentation errors HOT 1
- Invalid Issue Documentation link HOT 1
- log4j - CVE-2021-4428 HOT 2
- The type of `where` part of `delete` function is wrong when using `@@unique`
- Prisma 1 Cloud was sunset on September 1st, 2022 HOT 3
- Error prisma1 deploy HOT 1
- Cascade delete not set on one-to-many relation HOT 1
- prisma1 introspect does not return anything
- updatedFields always returns an empty array HOT 1
- Prisma1 deploy throws 504 Gateway Time-out randomly HOT 2
- "Join" where result would have been a big data set throws an error (performance) HOT 1
- Issues adding or modifying records in Admin
- Prisma 1 was deprecated on Sept, 1st 2022 β Upgrade to the latest version of Prisma
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from prisma1.