I've been using a GraphQL backend as a service platform called Scaphold.io and I'm trying to implement social authentication with Auth0. However, when I enable the integration on the platform, I see three mutations. Which one is the preferred method to implement social auth?
If you want to see how Auth0 and GraphQL work together in general, I've recently published this blog post: https://auth0.com/blog/building-an-instagram-clone-with-graphql-and-auth0/ – marktani Feb 10 '17 at 00:14
1 Answer
Great question! The short answer is that you should be using the loginWithAuth0 mutation. It's cleaner and requires fewer input variables. All you need to pass into the mutation is idToken that comes back from either Auth0 Lock or from verifying your accessToken with your auth provider. Once you've done that and logged in successfully, you should set the idToken in the Authorization header for future authenticated requests.
Here's a step-by-step guide with code examples to help you get started whether you're using Auth0 Lock or rolling your own OAuth flow: https://scaphold.io/community/blog/social-auth-graphql/
Also, here's a more generic guide to learning about GraphQL security with authentication and authorizing permissioning in your API: https://scaphold.io/community/blog/authentication-in-graphql/
And just to complete the story, the other two mutations resulted from an initial attempt at separating the Auth0 Lock flow and rolling your own social login flow using the auth provider's native SDK (i.e. Facebook iOS SDK, or Google JS SDK), but will be deprecated soon.
I see, I'm using Auth0Lock for this so I'll use the loginWithAuth0 mutation. I'm not looking to roll my own solution. – Khallil Mangalji Feb 10 '17 at 05:01
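The two steps the answer describes (pass idToken to loginWithAuth0, then send it in the Authorization header), sketched as an added example that is not from the original posts or from Scaphold's documentation. The endpoint URL, the input type name, the `user { id }` selection and the `Bearer` scheme are assumptions to check against your own schema.

```javascript
// Added example: placeholders and assumptions are marked; none come from the post.
const ENDPOINT = "https://graphql.example.invalid/my-app"; // placeholder endpoint
const INPUT_TYPE = "LoginWithAuth0Input"; // assumed input type name; check your schema

// Read `exp` from the JWT payload. This is a local sanity check only:
// signature verification stays on the server.
function tokenExpiry(idToken) {
  const parts = String(idToken).split(".");
  if (parts.length !== 3) throw new Error("idToken is not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const claims = JSON.parse(atob(b64));
  if (typeof claims.exp !== "number") throw new Error("idToken has no exp claim");
  return claims.exp;
}

// Refuse to put the token on the wire if it is expired or the URL is not HTTPS.
function assertUsable(idToken, endpoint, nowSec) {
  if (new URL(endpoint).protocol !== "https:") throw new Error("endpoint is not HTTPS");
  if (tokenExpiry(idToken) <= nowSec) throw new Error("idToken expired, log in again");
}

function post(endpoint, headers, query, variables) {
  return { url: endpoint, init: { method: "POST",
    headers: { "Content-Type": "application/json", ...headers },
    body: JSON.stringify({ query, variables }) } };
}

// Step 1: the login mutation. The token travels as a GraphQL variable and is
// never spliced into the query text. The `user { id }` selection is assumed.
function buildLoginRequest(idToken, endpoint = ENDPOINT, nowSec = Date.now() / 1000) {
  assertUsable(idToken, endpoint, nowSec);
  const query = `mutation Login($input: ${INPUT_TYPE}!) {
    loginWithAuth0(input: $input) { user { id } }
  }`;
  return post(endpoint, {}, query, { input: { idToken } });
}

// Step 2: later requests carry the same idToken in the Authorization header
// (the Bearer scheme is an assumption).
function buildAuthedRequest(idToken, query, variables = {}, endpoint = ENDPOINT,
                            nowSec = Date.now() / 1000) {
  assertUsable(idToken, endpoint, nowSec);
  return post(endpoint, { Authorization: `Bearer ${idToken}` }, query, variables);
}

// Usage: const { url, init } = buildLoginRequest(idToken); await fetch(url, init);
```

Keeping the token in `variables` means it never becomes part of the query string, and the expiry check lets the client prompt for a fresh login instead of sending a stale token.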