Authorization and the logOut Resolver

So far, we’ve implemented setting a cookie in the login resolver and have configured Apollo Studio to send it back on every request. However, we don’t do anything with this cookie when we receive it back.

Now, we’ll see how to read a user ID from a cookie and use it in resolvers for authorization. We will also see how we can implement the logOut mutation.

Reading incoming cookies

Let’s see how we can check an incoming JWT and extract a user ID from it if it’s valid. If we get a valid user ID from a request, we use the GraphQL context to pass it to the resolvers that handle user IDs.

As a reminder, we’re currently creating a context with Express request and response objects.
