Comments (10)
I'm super-glad I pulled down your latest changes and stepped through the new Cashay-enabled/cached authentication. I think I actually have an informed opinion to share :)
I think it's safe to consider authentication as domain state, as the token is just data originated from a different backend.
I vote for (#1) Cashay (persist automatically using redux-persist)
Pros:
- Not wiring up another redundant datapath (i.e. fetch)
- As much state as possible in redux
- AuthEngine likely going to be owned by Cashay transport, right? Then keeping data close to Cashay just makes sense
Cons:
- Will have to consider carefully how token updates will be handled if we use
refreshToken
Alternatively, I could see (#4) Fetch + put in redux (persist automatically using redux-persist) being a good option. Imagine:
- No matter where the token comes from (i.e. the Lock component or from our server performing
refreshToken
) we dispatch an action that updates the token in the client's redux store - Reducers listen for this action and respond (hell, you could even extend Cashay's reducer to listen for this action to update all Transport tokens...)
- Serialization/persistence becomes a design choice for the implementor
Only thing is with #4, I think it'd still make sense for us to use our /graphql
endpoint (outside of Cashay) just so we don't have to (gulp) add a new REST endpoint. We could do this cleanly be writing our own duck that thunks.
I'm fine with either!
from parabol.
really good input! Currently, 1 is closest to how we have it set up right now, but when i started writing local-only mutations solely for the AuthEngine, I started to question myself. It's a great option for us. 4 is an interesting one because we actually get the authToken
from auth0, so we're already forced to used their REST backend. If we stick with auth0, we could directly call an action on an authToken
reducer, so it'd feel more generic. But, if we get it from our GraphQL server, then no matter how you slice it, we'll either have to use cashay or we'll have 2 locations for the same token.
tl;dr:
4 for a simple auth0-specific pattern
1 for a more complicated, highly flexible, pattern
from parabol.
Yeah, either 1 or 4. Be interesting to see what you end up going with!
from parabol.
4 is definitely cleaner for our immediate use. are you thinking about staying with auth0 for the life of the project?
from parabol.
For now, there aren't any immediate plans to switch away. It depends on business needs.
from parabol.
hmm, then i say let's go for 4. Friendlier codebase, easier to understand.
from parabol.
This will be closed by #82, correct?
from parabol.
yep, i think that's a good stopping point for the welcome-ui branch, will keep the Meeting
schema & socketization separate.
from parabol.
👍
from parabol.
Merged to master
in #82 .
from parabol.
Related Issues (20)
- Release test v7.9.0
- cork uWS methods HOT 2
- SAML: Allow manually uploading the metadata as XML HOT 1
- Show invited team members in gcal invite input
- Invite all team members checkbox is on by default in GCal
- Use 1-1 invite input in GCal
- GQLExecutor memory leak HOT 8
- Release test v7.10.0 HOT 1
- Fix active meetings menu position on mobile/tablet
- Kudos: send kudos in text in discussion threads
- Refactor NewMeetingTeamPicker menu to Radix
- Fix activity library category colours
- Support multi-part uploading for CDNs
- Old team always suggested
- Pararbol seems to crash with uWS on node v20 when no authorization header is received. HOT 2
- Recurring retros: add meeting setting
- Invert Insights feature flag
- Bug: duplicate OrganizationUser objects are created in some cases
- TypeError: Cannot destructure property 'integrations' of 'L' as it is null. HOT 1
- Send mention notifications for mentions without kudos in reflections
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from parabol.