Meteor Accounts and Apollo Client 2.0

Well… I add middlewareLink to my Apollo Client:

const middlewareLink = new ApolloLink((operation, forward) => {
    headers: {
      'meteor-login-token': Accounts._storedLoginToken(),
  return forward(operation)

Now I have user and userId in context.

Is it safe to use this userId on serverside in resolvers? Can it be easily compromised?
Or I can use this context.userId without any doubts? I can’t use this.userId or Meteor.userId() in resolvers…

Maybe any suggestions?

I’ve looked source code of createApolloServer
Looks secure enough (-:

1 Like

are you using meteor-apollo-accounts?

No, acoounts-* from MDG

mdg has an apollo and meteor accounts package or you wired it up yourself?

Now I’m switched to Auth0

Interesting. Has it been relatively seamless transition? How do you get a Auth0 user object in the context object on the server?

It’s new project. So…without transition (-:
I decided to create mobile apps for Android on java, without Cordova, etc. So… accounts-* can’t help…

And main idea about Auth0 you can find here: