authorizer/TODO.md

# Task List

## Implement better way of handling jwt tokens

Check: https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/#server-side-rendering-ssr

- [x] Set finger print in response cookie (https://github.com/hasura/jwt-guide/blob/60a7a86146d604fc48a799fffdee712be1c52cd0/lib/setFingerprintCookieAndSignJwt.ts#L8)
- [x] Save refresh token in session store
- [x] refresh token should be made more secure with the help of secure token rotation. Every time new token is requested new refresh token should be generated
- [x] Return jwt in response
- [x] To get session send finger print and refresh token [if they are valid -> a new access token is generated and sent to user]
- [x] Refresh token should be long living token (refresh token + finger print hash should be verified)

## Open ID compatible claims and schema

- [x] Rename `schema.graphqls` and re generate schema
- [x] Rename to snake case [files + schema]
- [x] Refactor db models
- [x] Check extra data in oauth profile and save accordingly
- [x] Update all the resolver to make them compatible with schema changes
- [x] Update JWT claims
- [x] Write integration tests for all resolvers

## Feature Multiple sessions

- Multiple sessions for users to login use hMset from redis for this
  user_id access_token1 long_live_token1
  user_id access_token2 long_live_token2

# Feature roles

For the first version we will only support setting roles master list via env

- [x] Support following ENV
  - [x] `ROLES` -> comma separated list of role names
  - [x] `DEFAULT_ROLE` -> default role to assign to users
- [x] Add roles input for signup
- [x] Add roles to update profile mutation
- [x] Add roles input for login
- [x] Return roles to user
- [x] Return roles in users list for super admin
- [x] Add roles to the JWT token generation
- [x] Validate token should also validate the role, if roles to validate again is present in request

# Misc

- [x] Fix email template
- [x] Add support for organization name in .env
- [x] Add support for organization logo in .env
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`# Task List`

Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`## Implement better way of handling jwt tokens`

			`Check: https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/#server-side-rendering-ssr`

			`- [x] Set finger print in response cookie (https://github.com/hasura/jwt-guide/blob/60a7a86146d604fc48a799fffdee712be1c52cd0/lib/setFingerprintCookieAndSignJwt.ts#L8)`
			`- [x] Save refresh token in session store`
			`- [x] refresh token should be made more secure with the help of secure token rotation. Every time new token is requested new refresh token should be generated`
			`- [x] Return jwt in response`
			`- [x] To get session send finger print and refresh token [if they are valid -> a new access token is generated and sent to user]`
			`- [x] Refresh token should be long living token (refresh token + finger print hash should be verified)`

fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00			`## Open ID compatible claims and schema`

			- [x] Rename `schema.graphqls` and re generate schema
			`- [x] Rename to snake case [files + schema]`
			`- [x] Refactor db models`
			`- [x] Check extra data in oauth profile and save accordingly`
			`- [x] Update all the resolver to make them compatible with schema changes`
			`- [x] Update JWT claims`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`- [x] Write integration tests for all resolvers`
fix: refactor schema for open id claim standards 2021-12-22 05:21:12 +00:00
Feat/multiple session (#64) * fix: disable windows build * feat: add ability to handle multiple sessions 2021-10-27 17:45:38 +00:00			`## Feature Multiple sessions`

			`- Multiple sessions for users to login use hMset from redis for this`
			`user_id access_token1 long_live_token1`
			`user_id access_token2 long_live_token2`

feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`# Feature roles`

			`For the first version we will only support setting roles master list via env`

			`- [x] Support following ENV`
			- [x] `ROLES` -> comma separated list of role names
			- [x] `DEFAULT_ROLE` -> default role to assign to users
			`- [x] Add roles input for signup`
			`- [x] Add roles to update profile mutation`
			`- [x] Add roles input for login`
			`- [x] Return roles to user`
			`- [x] Return roles in users list for super admin`
			`- [x] Add roles to the JWT token generation`
			`- [x] Validate token should also validate the role, if roles to validate again is present in request`
feat: add responsive email template + support for org env Resolves #52 2021-10-03 21:47:50 +00:00
			`# Misc`

			`- [x] Fix email template`
			`- [x] Add support for organization name in .env`
			`- [x] Add support for organization logo in .env`