User Authentication
Authentication Flow Through GraphQL API
This document describes the steps needed to use the Propeller GraphQL API’s authentication features.
The important fields are:
- accessToken: The token to send with every other request as an Authorization: Bearer token. It can be stored in a session/cookie with a TTL equal to the expirationTime.
- refreshToken: The token used to fetch a new accessToken when the old accessToken times out. The refreshToken can be stored for a longer time.
- expirationTime: The lifespan of the accessToken.
After you have created the session, send the accessToken with every subsequent request. Do this for anonymous users as well.
curl https://api.helice.cloud/graphql \
  -X POST \
  -H "Accept: application/json" \
  -H "Authorization: Bearer {accessToken}" \
  -d "{{graphql_query}}"
Register a new User
Once you have an anonymous session, you can upgrade it to a registered user account.
We do this using the userRegister() mutation:
mutation UserRegister {
  userRegister(
    input: {
      firstName: "John"
      middleName: ""
      lastName: "Doe"
      email: "sander123@propel.us"
      phone: "020-6717171"
      gender: M
      company: "Propeller"
      password: "secret_password"
      parentId: 109
    }
  ) {
    user {
      id
      userId
    }
    session {
      accessToken
      refreshToken
      expirationTime
    }
  }
}
The userRegister() mutation generally does two things:
- It creates the user in the Propeller Backend.
- It creates an authentication user in Google Identity Platform (GCIP)/Firebase for the given email and password. When the email address already exists in GCIP, the API throws an error.
The userRegister() mutation returns a RegisterUserResponse object with 2 fields:
- User: holds the full user data, as you would also get with the user and viewer queries.
- Session: A new session object with new accessToken, refreshToken and expirationTime. These tokens should replace the tokens stored earlier.
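
The storage guidance above (accessToken kept for expirationTime, refreshToken kept longer, both replaced after userRegister()) can be sketched as follows. This is an added example, not part of the Propeller documentation or SDK. It assumes expirationTime is a lifespan in seconds; the cookie names, the /auth/refresh path and the 30-day refresh lifetime are hypothetical.

```javascript
// Added example, not Propeller code. Assumed: expirationTime is a lifespan in
// seconds; cookie names, refresh path and 30-day refresh lifetime are hypothetical.
const REFRESH_MAX_AGE = 30 * 24 * 3600;
const TOKEN68 = /^[A-Za-z0-9._~+\/-]+=*$/; // Bearer token charset from RFC 6750

function cookie(name, value, maxAge, path) {
  if (typeof value !== "string" || !TOKEN68.test(value)) {
    throw new Error(`${name}: missing or malformed token`);
  }
  if (!Number.isInteger(maxAge) || maxAge <= 0) {
    throw new Error(`${name}: invalid lifetime`);
  }
  // HttpOnly keeps the token away from page scripts; Secure keeps it off plain HTTP.
  return `${name}=${value}; Max-Age=${maxAge}; Path=${path}; HttpOnly; Secure; SameSite=Lax`;
}

// Map a session object to Set-Cookie values.
function sessionCookies(session) {
  const { accessToken, refreshToken, expirationTime } = session || {};
  return [
    // The access token cookie expires together with the token it carries.
    cookie("pr_access", accessToken, Number(expirationTime), "/"),
    // The refresh token lives longer but is only sent to the refresh endpoint.
    cookie("pr_refresh", refreshToken, REFRESH_MAX_AGE, "/auth/refresh"),
  ];
}

// Handle a userRegister response body. On an error (for example the email
// already exists) no cookies are emitted, so the anonymous session stays in place.
function handleRegister(body) {
  const session = body && body.data && body.data.userRegister && body.data.userRegister.session;
  if ((body && body.errors && body.errors.length) || !session) {
    const errors = ((body && body.errors) || []).map((e) => e.message);
    return { ok: false, setCookie: [], errors };
  }
  return { ok: true, setCookie: sessionCookies(session), errors: [] };
}

// Build the Authorization header; rejects CR/LF and other unexpected characters.
function authHeader(accessToken) {
  if (typeof accessToken !== "string" || !TOKEN68.test(accessToken)) throw new Error("malformed access token");
  return { Authorization: `Bearer ${accessToken}` };
}

// Constructed sample responses (token values are placeholders, not real tokens).
const SAMPLE_OK = { data: { userRegister: { user: { id: 1, userId: 1 },
  session: { accessToken: "at.constructed", refreshToken: "rt.constructed", expirationTime: 3600 } } } };
const SAMPLE_DUPLICATE = { errors: [{ message: "constructed: email already exists" }], data: null };
```

On a successful registration the two returned Set-Cookie values overwrite the anonymous session's cookies of the same names, which is the token replacement described above.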