wp-graphql / wp-graphql-jwt-authentication

Authentication for WPGraphQL using JWT (JSON Web Tokens)
GNU General Public License v3.0

Check if user is logged in #150

Open popeating opened 2 years ago

popeating commented 2 years ago

Is there an endpoint that, based on the JWT (or refresh token), tells me if I'm logged in?

I'm actually using the user query with my username and JWT, but it feels quite insecure; I mean, I can pass any username registered on the system.

I would prefer an endpoint like /me that returns the current user/owner of the JWT.

Thank you.

ojohnny commented 2 years ago

The endpoint you are looking for is called viewer, which returns information about the currently logged in user, no need to specify any username at all. viewer is null if you are not logged in.

Something as simple as this will do:

query Viewer {
  viewer {
    id
  }
}

...but of course you can get more user information from the same object if you want, such as username, email, avatar or the current auth and refresh tokens.

query Viewer {
  viewer {
    avatar {
      url
    }
    email
    username
    jwtAuthToken
    jwtRefreshToken
  }
}

Khadreal commented 2 years ago

The endpoint you are looking for is called viewer, which returns information about the currently logged in user, no need to specify any username at all. viewer is null if you are not logged in.

Something as simple as this will do:

query Viewer {
  viewer {
    id
  }
}

...but of course you can get more user information from the same object if you want, such as username, email, avatar or the current auth and refresh tokens.

query Viewer {
  viewer {
    avatar {
      url
    }
    email
    username
    jwtAuthToken
    jwtRefreshToken
  }
}

I tried querying the viewer endpoint to get jwtRefreshToken but I'm getting a Cannot query field \"jwtRefreshToken\" on type \"User\". error
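
A client-side login check built on the viewer query discussed in this thread, as an added example that is not code from the thread or from the plugin. It assumes the JWT is sent as an `Authorization: Bearer` header and that the caller supplies the GraphQL endpoint URL; the function names and sample responses are constructed for illustration.

```javascript
// Added example. The request carries no username: the server resolves
// `viewer` from the token alone, so a caller cannot ask about another account.
const VIEWER_QUERY = "query Viewer { viewer { id username } }";

// Build fetch() options; the Authorization header is omitted without a token.
function buildViewerRequest(jwt) {
  const headers = { "Content-Type": "application/json" };
  if (jwt) headers.Authorization = `Bearer ${jwt}`;
  return { method: "POST", headers, body: JSON.stringify({ query: VIEWER_QUERY }) };
}

// Classify a parsed GraphQL response body. Fails closed: any `errors` entry
// (for example an unknown field) is reported as "error", never as logged in.
function interpretViewerResponse(body) {
  if (body && Array.isArray(body.errors) && body.errors.length > 0) {
    const messages = body.errors.map((e) => String(e.message));
    return { state: "error", user: null, messages };
  }
  const viewer = body && body.data ? body.data.viewer : undefined;
  if (viewer === null) return { state: "anonymous", user: null, messages: [] };
  if (viewer && typeof viewer.id === "string") {
    return { state: "authenticated", user: viewer, messages: [] };
  }
  return { state: "error", user: null, messages: ["unexpected response shape"] };
}

// Network wrapper (endpoint URL is supplied by the caller).
async function checkLogin(endpoint, jwt) {
  const res = await fetch(endpoint, buildViewerRequest(jwt));
  return interpretViewerResponse(await res.json());
}

// Constructed sample responses covering the three outcomes in the thread.
const SAMPLES = {
  loggedIn: { data: { viewer: { id: "dXNlcjox", username: "alice" } } },
  loggedOut: { data: { viewer: null } },
  schemaError: {
    errors: [{ message: 'Cannot query field "jwtRefreshToken" on type "User".' }],
  },
};
```

The result is a display hint for the client only; the server still has to validate the token on every request that needs authorization.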