Read Graphcool token safely outside Graphcool function

[marktani]

Issue by kbrandwijk Thursday Oct 26, 2017 at 18:18 GMT Originally opened as https://github.com/graphcool/prisma/issues/1051

---

What feature are you missing? A way to read the contents of a Graphcool token outside of a Graphcool function. I want to use 'current user' in a Gateway, but with user not available anymore, I need to get the information out of the token. But in a safe way, and I can't validate the signature.

I have a workaround, where I deploy a resolver function to my Graphcool endpoint that returns context.auth to me, so I can call this function to get the validated information out of the token, but it would be nice to be able to do that directly.

How could this feature look like in detail? Tradeoffs? ?

[marktani]

Comment by kbrandwijk Saturday Oct 28, 2017 at 21:32 GMT

---

I have created an example here that uses such a resolver function to validate the authorization token: https://github.com/kbrandwijk/graphcool-gateway-examples/tree/master/current-user.

What would be helpful is, of this query would be automatically generated for your endpoint.