Meteor Accounts and Apollo Client 2.0

none · October 30, 2017, 11:44am

Well… I add middlewareLink to my Apollo Client:

const middlewareLink = new ApolloLink((operation, forward) => {
  operation.setContext({
    headers: {
      'meteor-login-token': Accounts._storedLoginToken(),
    },
  })
  return forward(operation)
})

Now I have user and userId in context.

Is it safe to use this userId on serverside in resolvers? Can it be easily compromised?
Or I can use this context.userId without any doubts? I can’t use this.userId or Meteor.userId() in resolvers…

Maybe any suggestions?

none · October 30, 2017, 1:08pm

I’ve looked source code of createApolloServer
Looks secure enough (-:

a.com · October 30, 2017, 2:28pm

are you using meteor-apollo-accounts?

none · October 30, 2017, 2:36pm

No, acoounts-* from MDG

a.com · October 30, 2017, 8:36pm

mdg has an apollo and meteor accounts package or you wired it up yourself?

none · December 4, 2017, 7:33am

Now I’m switched to Auth0

a.com · December 4, 2017, 11:41am

Interesting. Has it been relatively seamless transition? How do you get a Auth0 user object in the context object on the server?

none · December 4, 2017, 12:04pm

It’s new project. So…without transition (-:
I decided to create mobile apps for Android on java, without Cordova, etc. So… accounts-* can’t help…

And main idea about Auth0 you can find here: https://launchpad.graphql.com/n4xk8xm87