Authentication

JWT is the technology used for storing your keys.

General

Currently the token can only be received if you use a standalone account.

Get a token

Create a GraphQL mutation. Use the "login" mutation and make sure you fetch both the token and the refresh token.

# Variables must be declared with a leading "$" before they are used below.
mutation Login($email: String, $password: String) {
  login(email: $email, password: $password) {
    token
    refresh_token
  }
}

The result should look like this:

[Image: Login]

Take the token and the refresh token and store them in a secure way. Make sure you do not save them in local storage (for web applications).

The difference between both keys is just the lifetime and the purpose. While you always need to use the token to receive data from our API, the refresh token is only used to get a new token. This is important to understand because the lifetime of the first token is really short (5 min).

Get a refreshed token

mutation RefreshToken($token: String) {
  refreshToken(token: $token) {
    token
  }
}

The output should look like this:

[Image: Login]

Use the token

The token can be passed to the backend by attaching it as a header variable:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2dyZWVuZ2FnZS1iYWNrZW5kLXN0YWdpbmc6OTAwMC9ncmFwaHFsIiwiaWF0IjoxNzQyODE2ODQ4LCJleHAiOjE3NDI4MjA0NDgsIm5iZiI6MTc0MjgxNjg0OCwianRpIjoiVUlXT0I5VmxvZmVLUWpDdSIsInN1YiI6IjllODIwYzk4LWZiYWMtNDM3MC1iMjRiLTVkODUwNDdhMjNhNSIsInBydiI6IjIzYmQ1Yzg5NDlmNjAwYWRiMzllNzAxYzQwMDg3MmRiN2E1OTc2ZjciLCJyZWZyZXNoX3Rva2VuIjpmYWxzZSwibmFtZSI6Ik1hbnVlbCIsImZpcnN0bmFtZSI6bnVsbCwibGFzdG5hbWUiOm51bGwsImF2YXRhciI6bnVsbCwiZW1haWwiOiJtYW51ZWwuaWhsQG1lLmNvbSIsInBlcm1pc3Npb25zIjpbXX0.fTplVot_WbQl2tELuWqZ22zlyXo6963TkNJubytfBME

If the token is valid, you will receive the data. If the token is invalid due to lifetime issues or because you do not have the permission, an error will be thrown.
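
The token lifecycle described on this page (short-lived token, refresh token, Authorization header), as an added example that is not the project's own client code. It assumes Node.js, a hypothetical `transport(query, variables, headers)` function that resolves to the GraphQL `data` object, that `refreshToken(token:)` takes the refresh token, and that the JWT carries an `exp` claim; `Session`, `jwtExpiry` and `sampleJwt` are names chosen here.

```javascript
// Added example, not the project's client. `transport` is a hypothetical function
// that POSTs to the GraphQL endpoint and resolves to the response's `data`.
const LOGIN = `mutation Login($email: String, $password: String) {
  login(email: $email, password: $password) { token refresh_token } }`;
const REFRESH = `mutation RefreshToken($token: String) {
  refreshToken(token: $token) { token } }`;

// Read `exp` (seconds since epoch) from the JWT payload. No signature check:
// this only schedules refreshes, the backend still decides validity.
function jwtExpiry(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  // Node's Buffer accepts the URL-safe alphabet; in a browser use atob instead.
  const claims = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  if (typeof claims.exp !== "number") throw new Error("JWT has no exp claim");
  return claims.exp;
}

// Constructed, unsigned sample token for trying the class offline.
const sampleJwt = (exp) =>
  `e30.${Buffer.from(JSON.stringify({ exp })).toString("base64")}.x`;

class Session {
  constructor(transport, now = () => Date.now() / 1000, skewSeconds = 30) {
    Object.assign(this, { transport, now, skewSeconds });
    this.token = null;        // kept in memory only, never in localStorage
    this.refreshToken = null; // assumption: this is what refreshToken(token:) expects
    this.pending = null;      // in-flight refresh shared by concurrent callers
  }
  async login(email, password) {
    const { login } = await this.transport(LOGIN, { email, password }, {});
    this.token = login.token;
    this.refreshToken = login.refresh_token;
  }
  async freshToken() {
    if (!this.token) throw new Error("not logged in");
    if (jwtExpiry(this.token) - this.skewSeconds > this.now()) return this.token;
    if (!this.pending) {
      this.pending = this.transport(REFRESH, { token: this.refreshToken }, {})
        .then((data) => (this.token = data.refreshToken.token))
        .finally(() => { this.pending = null; });
    }
    return this.pending;
  }
  async request(query, variables = {}) {
    const token = await this.freshToken();
    return this.transport(query, variables, { Authorization: `Bearer ${token}` });
  }
}
```

Refreshing 30 seconds before `exp` avoids sending a token that expires in flight, and sharing one pending refresh keeps concurrent requests from each spending the refresh token.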
