Meteor Accounts and Apollo Client 2.0


#1

Well… I add middlewareLink to my Apollo Client:

const middlewareLink = new ApolloLink((operation, forward) => {
  operation.setContext({
    headers: {
      'meteor-login-token': Accounts._storedLoginToken(),
    },
  })
  return forward(operation)
})

Now I have user and userId in context.

Is it safe to use this userId on serverside in resolvers? Can it be easily compromised?
Or I can use this context.userId without any doubts? I can’t use this.userId or Meteor.userId() in resolvers…

Maybe any suggestions?


#2

I’ve looked source code of createApolloServer
Looks secure enough (-:


#3

are you using meteor-apollo-accounts?


#4

No, acoounts-* from MDG


#5

mdg has an apollo and meteor accounts package or you wired it up yourself?


#6

Now I’m switched to Auth0


#7

Interesting. Has it been relatively seamless transition? How do you get a Auth0 user object in the context object on the server?


#8

It’s new project. So…without transition (-:
I decided to create mobile apps for Android on java, without Cordova, etc. So… accounts-* can’t help…

And main idea about Auth0 you can find here: https://launchpad.graphql.com/n4xk8xm87