From 81afd9d78ff1e01b7c66ad313460f3f0cf9dd726 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Tue, 29 Jun 2021 13:07:04 +0200
Subject: [PATCH] jwt thoughts and fixes
---
 backend/src/graphql/resolvers/UserResolver.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/backend/src/graphql/resolvers/UserResolver.ts b/backend/src/graphql/resolvers/UserResolver.ts
index fbabff7fd..e5a7725e4 100644
--- a/backend/src/graphql/resolvers/UserResolver.ts
+++ b/backend/src/graphql/resolvers/UserResolver.ts
@@ -51,7 +51,12 @@ export class UserResolver {
 }

 // create and return the json web token
- return jwt.sign({ result }, CONFIG.JWT_SECRET, { expiresIn: CONFIG.JWT_EXPIRES_IN })
+ // The expire doesn't help us here. The client needs to track when the token expires on its own,
+ // since every action prolongs the time the session is valid.
+ return jwt.sign(
+ { result, role: 'todo' },
+ CONFIG.JWT_SECRET /* , { expiresIn: CONFIG.JWT_EXPIRES_IN } */,
+ )
 // return (await apiPost(CONFIG.LOGIN_API_URL + 'unsecureLogin', login)).result.data
 // const loginResult: LoginResult = await loginAPI.login(data)
 // return loginResult.user ? loginResult.user : new User()
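Review bot: Commenting out the `expiresIn` option in the new `jwt.sign(...)` call means the token is issued without an `exp` claim, so a leaked or stolen token stays valid until `CONFIG.JWT_SECRET` is rotated; expiry tracked only by the client is not something the server can enforce. If the aim is a session that every action prolongs, keep a short lifetime and return a freshly signed token on each authenticated request, e.g. `return jwt.sign({ result }, CONFIG.JWT_SECRET, { expiresIn: CONFIG.JWT_EXPIRES_IN })`. The placeholder `role: 'todo'` is also signed into every token; I would leave the claim out until a real role exists, so that no later authorization check comes to depend on a meaningless value. The enclosing resolver method starts and ends outside the hunk, so what `result` holds is not visible here; it is worth confirming it carries nothing sensitive, since a JWT payload is only encoded, not encrypted.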