authorizer/TODO.md

Task List

Implement a better way of handling JWT tokens

Check: https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/#server-side-rendering-ssr

  • Set fingerprint in response cookie (60a7a86146/lib/setFingerprintCookieAndSignJwt.ts (L8))
  • Save refresh token in session store
  • Refresh token should be made more secure with secure token rotation: every time a new token is requested, a new refresh token should be generated
  • Return JWT in response
  • To get a session, send fingerprint and refresh token [if they are valid -> a new access token is generated and sent to the user]
  • Refresh token should be a long-lived token (refresh token + fingerprint hash should be verified)
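
The fingerprint half of the list above (random fingerprint in a Secure/HttpOnly cookie, only its hash inside the JWT, both checked together on every request), as an added Go example. It is not authorizer's code: the cookie name `__Secure-Fgp`, the 15-minute access-token lifetime and the `fingerprint_hash` claim name are assumptions, and HS256 signing is written out by hand with the standard library so the snippet runs offline (the real server would use a maintained JWT library). The security property it demonstrates is that a JWT copied out of JavaScript-accessible storage is rejected without the cookie that only the browser sends.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"strings"
	"time"
)

const fingerprintCookie = "__Secure-Fgp" // assumed name for this example, not the project's

// Claims is the JWT payload; FingerprintHash binds the token to the HttpOnly cookie.
type Claims struct {
	Sub             string `json:"sub"`
	FingerprintHash string `json:"fingerprint_hash"`
	Exp             int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Only the SHA-256 of the fingerprint goes into the token, never the raw cookie value.
func hashFingerprint(fp string) string {
	sum := sha256.Sum256([]byte(fp))
	return b64(sum[:])
}

// SignJWT builds a compact HS256 token: b64(header).b64(payload).b64(hmac).
func SignJWT(c Claims, secret []byte) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(payload)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(input))
	return input + "." + b64(mac.Sum(nil)), nil
}

// VerifyJWT checks the HMAC (constant time) and the expiry before trusting the claims.
func VerifyJWT(token string, secret []byte, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if now.Unix() >= c.Exp {
		return c, errors.New("token expired")
	}
	return c, nil
}

// IssueSession sets a random fingerprint as a Secure/HttpOnly cookie and
// returns a short-lived JWT carrying its hash, to be sent in the response body.
func IssueSession(w http.ResponseWriter, userID string, secret []byte, now time.Time) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	fp := b64(raw)
	http.SetCookie(w, &http.Cookie{Name: fingerprintCookie, Value: fp, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteStrictMode})
	c := Claims{Sub: userID, FingerprintHash: hashFingerprint(fp), Exp: now.Add(15 * time.Minute).Unix()}
	return SignJWT(c, secret)
}

// ValidateRequest accepts the request only if the bearer JWT verifies AND the
// fingerprint cookie hashes to the value carried inside the token.
func ValidateRequest(r *http.Request, secret []byte, now time.Time) (Claims, error) {
	c, err := VerifyJWT(strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer "), secret, now)
	if err != nil {
		return Claims{}, err
	}
	cookie, err := r.Cookie(fingerprintCookie)
	if err != nil {
		return Claims{}, errors.New("fingerprint cookie missing")
	}
	if subtle.ConstantTimeCompare([]byte(hashFingerprint(cookie.Value)), []byte(c.FingerprintHash)) != 1 {
		return Claims{}, errors.New("fingerprint mismatch")
	}
	return c, nil
}
```

`IssueSession` is what a login or token-refresh handler would call; `ValidateRequest` is the check every protected resolver runs. Note that the cookie carries `SameSite=Strict`, so the fingerprint is also not sent on cross-site requests, which is a second line of defence against using a leaked JWT from another origin.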

OpenID-compatible claims and schema

  • Rename schema.graphqls and re-generate schema
  • Rename to snake_case [files + schema]
  • Refactor db models
  • Check extra data in oauth profile and save accordingly
  • Update all the resolvers to make them compatible with schema changes
  • Update JWT claims
  • Write integration tests for all resolvers

Feature: multiple sessions

  • Multiple sessions for users to login: use hMset from Redis for this, one hash per user with one field per session: HMSET user_id access_token1 long_live_token1 access_token2 long_live_token2
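
The Redis layout above (hash keyed by user_id, field = access token, value = its long-lived refresh token) together with the refresh-token rotation item from the JWT list, as an added Go example that is not authorizer's code. The `hashStore` type is a constructed in-memory stand-in for the HMSET/HGET/HDEL commands so the snippet runs offline; `SessionStore`, `Login`, `Refresh`, `Logout` and `ActiveSessions` are assumed names. The point it shows is that rotation deletes the old pair before issuing a new one, so a refresh token that has already been used once is rejected on replay while the user's other sessions are untouched.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// hashStore stands in for the Redis hash commands the task names (HMSET /
// HGET / HDEL): key = user_id, field = access token, value = the long-lived
// refresh token paired with it. One user therefore holds many sessions.
type hashStore struct {
	mu   sync.Mutex
	data map[string]map[string]string
}

func newHashStore() *hashStore { return &hashStore{data: map[string]map[string]string{}} }

func (s *hashStore) HSet(key, field, value string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.data[key] == nil {
		s.data[key] = map[string]string{}
	}
	s.data[key][field] = value
}

func (s *hashStore) HGet(key, field string) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	v, ok := s.data[key][field]
	return v, ok
}

func (s *hashStore) HDel(key, field string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.data[key], field)
}

func (s *hashStore) HLen(key string) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return len(s.data[key])
}

// randomToken returns 256 bits from the CSPRNG as hex.
func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never fall back to a weaker source for session tokens
	}
	return hex.EncodeToString(b)
}

// SessionStore implements login, rotation and logout on top of the hash.
type SessionStore struct{ db *hashStore }

func NewSessionStore() *SessionStore { return &SessionStore{db: newHashStore()} }

// Login opens one more session for the user and returns (access, refresh).
func (st *SessionStore) Login(userID string) (string, string) {
	access, refresh := randomToken(), randomToken()
	st.db.HSet(userID, access, refresh)
	return access, refresh
}

// Refresh rotates the pair. The presented refresh token must match the one
// stored under the access token; the old pair is deleted before a new one is
// written, so a replayed refresh token (e.g. one copied earlier) is rejected.
func (st *SessionStore) Refresh(userID, access, refresh string) (string, string, error) {
	stored, ok := st.db.HGet(userID, access)
	if !ok || subtle.ConstantTimeCompare([]byte(stored), []byte(refresh)) != 1 {
		return "", "", errors.New("invalid session or refresh token")
	}
	st.db.HDel(userID, access)
	newAccess, newRefresh := st.Login(userID)
	return newAccess, newRefresh, nil
}

// Logout ends a single session; the user's other devices stay signed in.
func (st *SessionStore) Logout(userID, access string) { st.db.HDel(userID, access) }

// ActiveSessions reports how many sessions the user currently holds.
func (st *SessionStore) ActiveSessions(userID string) int { return st.db.HLen(userID) }

func main() {
	st := NewSessionStore()
	a1, r1 := st.Login("user-1")
	st.Login("user-1") // second device
	a2, r2, err := st.Refresh("user-1", a1, r1)
	fmt.Println(err, st.ActiveSessions("user-1")) // <nil> 2
	_, _, err = st.Refresh("user-1", a1, r1)      // replay of the rotated token
	fmt.Println(err)                               // invalid session or refresh token
	st.Logout("user-1", a2)
	fmt.Println(r2 != r1, st.ActiveSessions("user-1")) // true 1
}
```

With real Redis the HDEL and the HSET in `Refresh` should run in one MULTI/EXEC block (or a Lua script) so two concurrent refreshes with the same token cannot both succeed; the in-memory mutex stands in for that here.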

Feature: roles

For the first version we will only support setting the roles master list via env

  • Support the following ENV variables
    • ROLES -> comma-separated list of role names
    • DEFAULT_ROLE -> default role to assign to users
  • Add roles input for signup
  • Add roles to update profile mutation
  • Add roles input for login
  • Return roles to user
  • Return roles in users list for super admin
  • Add roles to the JWT token generation
  • Validate token should also validate the roles, if roles to validate against are present in the request
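
The env-driven roles design above, as an added Go example that is not authorizer's code. It assumes: ROLES and DEFAULT_ROLE are read as described (DEFAULT_ROLE is treated as required and must be one of ROLES, an assumption made so that misconfiguration fails at startup), roles requested at signup or login are validated against the master list, and a validate-token call that names roles succeeds only if the token's roles claim holds all of them. `RoleConfig`, `LoadRoleConfig`, `ResolveRoles` and `ValidateTokenRoles` are assumed names; `getenv` is injected so the logic can be exercised without touching the process environment.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// RoleConfig is the roles master list loaded from the environment.
type RoleConfig struct {
	Roles       []string // ROLES: comma-separated role names
	DefaultRole string   // DEFAULT_ROLE: assigned when signup names no role
}

// splitCSV turns "admin, user ,," into ["admin" "user"], dropping blanks.
func splitCSV(v string) []string {
	var out []string
	for _, p := range strings.Split(v, ",") {
		if p = strings.TrimSpace(p); p != "" {
			out = append(out, p)
		}
	}
	return out
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// LoadRoleConfig reads ROLES and DEFAULT_ROLE through getenv (os.Getenv in
// production, a map in tests). Misconfiguration fails at startup, not at the
// first login; DEFAULT_ROLE must itself be one of ROLES (assumption).
func LoadRoleConfig(getenv func(string) string) (RoleConfig, error) {
	cfg := RoleConfig{
		Roles:       splitCSV(getenv("ROLES")),
		DefaultRole: strings.TrimSpace(getenv("DEFAULT_ROLE")),
	}
	if len(cfg.Roles) == 0 {
		return cfg, errors.New("ROLES must list at least one role")
	}
	if !contains(cfg.Roles, cfg.DefaultRole) {
		return cfg, fmt.Errorf("DEFAULT_ROLE %q is not one of ROLES", cfg.DefaultRole)
	}
	return cfg, nil
}

// ResolveRoles validates the roles requested at signup (or login) against the
// master list. An empty request yields the default role; an unknown role is an
// error rather than being silently dropped, and duplicates are collapsed.
func (c RoleConfig) ResolveRoles(requested []string) ([]string, error) {
	if len(requested) == 0 {
		return []string{c.DefaultRole}, nil
	}
	seen := map[string]bool{}
	var out []string
	for _, r := range requested {
		if !contains(c.Roles, r) {
			return nil, fmt.Errorf("unknown role %q", r)
		}
		if !seen[r] {
			seen[r] = true
			out = append(out, r)
		}
	}
	return out, nil
}

// ValidateTokenRoles is the extra check for the validate-token call: when the
// request names roles, the token's roles claim must contain every one of them.
// With no roles in the request, only the token itself is checked by the caller.
func ValidateTokenRoles(tokenRoles, requested []string) error {
	for _, r := range requested {
		if !contains(tokenRoles, r) {
			return fmt.Errorf("token does not carry required role %q", r)
		}
	}
	return nil
}

func main() {
	cfg, err := LoadRoleConfig(os.Getenv) // e.g. ROLES=admin,user DEFAULT_ROLE=user
	if err != nil {
		fmt.Println("config error:", err)
		return
	}
	roles, _ := cfg.ResolveRoles(nil)
	fmt.Println("signup with no roles gets:", roles)
	fmt.Println(ValidateTokenRoles(roles, []string{"admin"}))
}
```

The roles returned by `ResolveRoles` are what would be stored on the user and copied into the JWT roles claim; `ValidateTokenRoles` then runs on that claim, so a token minted before a role was revoked still passes until it expires, which is one reason the access token above is kept short-lived.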

Misc

  • Fix email template
  • Add support for organization name in .env
  • Add support for organization logo in .env