Check: https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/#server-side-rendering-ssr
- Set finger print in response cookie (https://github.com/hasura/jwt-guide/blob/60a7a86146d604fc48a799fffdee712be1c52cd0/lib/setFingerprintCookieAndSignJwt.ts#L8)
- Save refresh token in session store
- refresh token should be made more secure with the help of secure token rotation. Every time new token is requested new refresh token should be generated
- Return jwt in response
- To get session send finger print and refresh token [if they are valid -> a new access token is generated and sent to user]
- Refresh token should be long living token (refresh token + finger print hash should be verified)
- Rename
schema.graphqlsand re generate schema - Rename to snake case [files + schema]
- Refactor db models
- Check extra data in oauth profile and save accordingly
- Update all the resolver to make them compatible with schema changes
- Update JWT claims
- Write integration tests for all resolvers
- Multiple sessions for users to login use hMset from redis for this user_id access_token1 long_live_token1 user_id access_token2 long_live_token2
For the first version we will only support setting roles master list via env
- Support following ENV
-
ROLES-> comma separated list of role names -
DEFAULT_ROLE-> default role to assign to users
-
- Add roles input for signup
- Add roles to update profile mutation
- Add roles input for login
- Return roles to user
- Return roles in users list for super admin
- Add roles to the JWT token generation
- Validate token should also validate the role, if roles to validate again is present in request
- Fix email template
- Add support for organization name in .env
- Add support for organization logo in .env