Message of the day:
Anything GraphQL and SilverStripe related.
likes GraphQL. The same API, but not the hassle of REST or SOAP
There's a difference between protecting the user and creating a possible point of entry for malicious intent 😉
Users are a danger to security, but sadly we still have to work with those 😄
No, as caching is a danger to security
@tractorcow caching module next? 😉
Multiple authenticator tokens per user 🙏
Looks great, pretty much what I wanted to do myself after I made this PoC implementation and lost (track of) time to fix it all up 🤗
@Firesphere (https://github.com/Firesphere) would love to discuss this with you before merging; see you on Slack maybe?
Overview of changes in general order of most significant to least
• Return type of all validate / create mutations has been consolidated and normalised. The standard response is now a MemberToken type with these fields:
  • Member (the member)
  • Token (string token)
  • Valid (bool valid flag)
  • Status (enum status code of the token)
  • Code (int HTTP code that matches the status)
  • Message (string message of humanised status code)
• Multiple authenticator tokens per user; Allows multiple devices to have their own tokens.
• Anonymous authentication is now shifted up into a custom Authenticator class; Support injectable authenticators into createToken mutation. Removed
• When logging in anonymously, create a real member object to better integrate with SilverStripe security logging / auditing practices.
• Bump minimum dependency to php 7.1: strict_types are everywhere too.
• Updated tests and documentation of course
• Support multiple schemas (graphql 3.0 and above).
• Relative path supported for JWT tokens
• Updated renewal process to support separate token / refresh expiration dates
• I gave every file my Love. Green ticks everywhere.
@Firesphere (https://github.com/Firesphere) if you merge, I suggest branching master -> 1 first, as this is a new 2.x major change.
I've done some work on @firesphere’s JWT module. We had a bunch of changes we'd made internally, but I've finally made the time to open source them. 😛
I think SS's implementation was created before the PSR became "non-draft" so isn't quite conforming, iirc. But it's the same idea.