Authorization and the logOut Resolver
Learn how to implement authorization in GraphQL resolvers.
So far, we’ve implemented setting a cookie in the login
resolver and have configured Apollo Studio to send it back on every request. However, we don’t do anything with this cookie when we receive it back.
Now, we’ll see how to read a user ID from a cookie and use it in resolvers for authorization. We will also see how we can implement the logOut
mutation.
Reading incoming cookies
Let’s see how we can check an incoming JWT token and extract a user ID from it if it’s valid. If we get a valid user ID from a request, we pass it to the resolvers that handle user IDs using the GraphQL context.
As a reminder, we’re currently creating a context with Express request and response objects.
Get hands-on with 1200+ tech skills courses.