1:37 - What URL did you enter to see "graphiql"? I already found it, but as a general suggestion for the future, use Chrome so we can see your full URL. This guide also does not work until I create a user model and specify a session store; if you run this on barebones Rails API, graphiql doesn't even load.
Hi Kirill, thanks for the feedback! Ah yes, I generally find rails API mode doesn’t work out of the box with a lot of the third party gems I use, so I usually don’t bother with it, I’ll usually have a front end in rails + graphql. I’ll try and be more clear with the URLs, thanks again!
Thanks for this video.
You have good teaching skills.
That was awesome.
9:20 Setting an attr_accessor for the token like that is not thread-safe. It might work in dev mode but in prod with potentially multiple app threads, it won't persist for every request. You should store that kind of token in the session. The session cookie is either encrypted data or a secure random id with session data in the db.
This approach is completely thread safe, and by design we want the token only to be set on the one instance of the user model, in the current request. It’s a temporary place to have the token, for graphql to serialise it and then output it in the graphql response. It’s not designed to hang around or be persisted to the database etc. Hope that helps!
@rapid-ruby That's what I get for not watching the whole video, I thought you were going to use the ivar to validate the session on subsequent requests. Still, putting an attr_accessor on a model makes me queasy. I'd recommend making it stateless with a custom resolver method with an authorization check on the token field to taste. As it is it looks to me like it works by accident.
@ehrenmurdick yeah there probably is a much nicer way of doing it, that sounds like a good idea!
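The distinction the replies above turn on, as an added example (not code from the video): an `attr_accessor` on a model stores the token on one object, so concurrent requests that each build their own user object cannot read each other's token, while a class-level accessor is a single slot shared by every thread. `InstanceUser`, `SharedUser` and `leaked_tokens` are hypothetical names, and the tokens are random sample values.

```ruby
require "securerandom"

# Per-instance state: the shape `attr_accessor :token` on a model gives you.
class InstanceUser
  attr_accessor :token
end

# Process-wide state: one slot shared by all threads (the unsafe shape).
class SharedUser
  class << self
    attr_accessor :token
  end
end

# Simulates `count` concurrent requests. Each request obtains a token holder
# from `per_request`, writes its own token, waits until every other request
# has written as well, then reads the token back.
# Returns how many requests read back a token that was not their own.
def leaked_tokens(count, per_request)
  mutex = Mutex.new
  all_written = ConditionVariable.new
  arrived = 0
  threads = Array.new(count) do
    Thread.new do
      holder = per_request.call
      token = SecureRandom.hex(8)
      holder.token = token
      # Barrier: no request reads until all requests have written.
      mutex.synchronize do
        arrived += 1
        all_written.broadcast if arrived == count
        all_written.wait(mutex) until arrived == count
      end
      holder.token != token
    end
  end
  threads.count(&:value)
end

if __FILE__ == $PROGRAM_NAME
  puts "per-instance leaks: #{leaked_tokens(8, -> { InstanceUser.new })}"
  puts "class-level leaks:  #{leaked_tokens(8, -> { SharedUser })}"
end
```

With the class-level slot every request except the last writer reads back someone else's token, which is the cross-user leak to look for when reviewing where a freshly issued token is held.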
Please make a full playlist for GraphQL with Rails with Apollo Client.
Hey Somesh, I’m definitely planning more GraphQL content, I’ve a video on testing that will be out later this week. Are you using Apollo client with react? Or what front end framework?
nice! thanks!
Do you think globalID can be used as part of an authentication system, or was it just an easy way to store and decode the data for the purposes of this demo?
It’s very similar to JWTs which nobody seems to have a problem using for authentication, very widely used. I would use it, if you aren’t for example a bank, or something at high risk of being hacked. Hope that makes sense, anyone else let me know if I am very wrong :)
And how can I filter ratings according to date range, start date and end date, as params in GraphQL?
The same way we pass inputs to the login/register mutations, we can pass Params to queries, so you would just make a param for ‘page’ or ‘search’ etc. I’ll maybe try and cover this in a future video!
Please, please, please, no background music. I'm sure the content was very good, but I had to find another YT video because the background music was so distracting.