I have established a working flow in using Auth0 jwt to authenticate to my API. It currently follows a REST architecture. The Auth0 token is passed in a http-only cookie, and it provides an Auth user ID, which I have used to pull user-specific records from a database, as well as confirm the identity of the individual calling the API through the client.
My question is, how do I replicate this pattern in a graphQL architecture? I am currently using Postgraphile and Relay, however I am struggling to see how I can securely pass the Auth user ID in an HTTP only way to minimize vulnerabilities. Is there a way this can be done in a graphQL request?
Subscribe to get latest updates