aarona
commented
4 years ago Hey Jeff, thanks for props!
This is working pretty well for me. There are a bunch of things I want to add to this project like a token_version that you can increment when a user logs out invalidating all the other user's tokens. This would be good for password changes and a "log me out of all devices" feature. A few other things that I've gotten written down on a notepad somewhere so I definitely I want to continue working on this I just haven't had the time. Ideally, I'd like to do a port of graphql_devise for JWT support. I've considered doing a PR on that project but it would be a big undertaking as a lot of their code (how they send tokens and such to client via headers) would have to be moved into a module probably and then using a config setting it would determine the "auth strategy" - devise token or jwt for example.
You are welcome to contribute to this project if you'd like. Play around with it and if you find any issues post a ticket here for sure. There is one current "bug" that I've fixed but haven't pushed yet which that the default time for an access_token is 1.day. This should be 15.minutes. I was having weird issues where using a React client was causing authentication errors after not using the site for some time and coming back to it without a full page refresh. To fix this currently, you just need to uncomment the access_token setting in the initializer file that gets generated that correctly assumes 15.minutes as the default. For some reason that fixed the issue I was having.
Of course, I believe that this could be my lack of knowledge on React, rather than an issue with the gem itself. That leads me to the next question you had which was if I had an example app. I do have one! I just looked and I don't think its on my github. I'm heading to bed in a moment so I'll push it first thing tomorrow and post the repo link here in this thread. A couple of things though: It's very incomplete. I used it as a stepping stone for a project I'm working on for an actual client and so I've learned some since I made it and want to go back to the project and improve it. I've done some interesting things with protected routes and passing a custom rules (for example if a user has an admin role) for where the current user can access the route etc that I'd like to add to it. The site also doesn't have the ability to change passwords and other things that this gem supports so I'd like to add those features to the site also. If you're good at React, maybe you'd also like to contribute to that? I'm still learning React but have a decent grasp of it now. It would be good to get another set of eyes on it.
In a perfect world, I would have the time to write a devise like library that utilizes warden and is built from the ground up with APIs and GraphQL in mind. Let me know what you think about that.
jeffchuber
@aarona :wave: Thanks for working on this - this is definitely needed. It kinda blows my mind how many apps use things like
devise-jwtwith just really long expirations. (🚨 )The doorkeeper route is exceedingly confusing and poorly documented. I couldn't find 1 decent guide on how to do it.
I saw your comment over on
graphql_devise- does this gem "just work" with that?I saw in the
READMEhere that you were considering creating a mock example front-end/back-end app as well, and just curious if you had anything sitting on your local machine in that regard.Anyways, I saw that you haven't committed anything in 6 months, so mainly would love to get a sense of how happy you are with things right now, and possibly how I can help!