Problem setting cookies in custom auth [RC.437]

Hi all, finally getting to implementing my strange use case in Redwood, ported over to the new RC so I can use the custom auth. My use case is similar to dbAuth; the issue is my users come from a separate system that doesn’t have OAuth or any other protocols, so I have to do it myself.

Basically, I’ve added a new auth.sdl with login, register, etc., and modified the authDecoder and the getCurrentUser functions. I made a custom client for the Web side, but that’s not my priority at the moment (seems to work, so far).

So I have register and login working, which return a token, however I now need my requireAuth to check for a token and I’d like to pass it as a cookie from the api side, so I don’t have to manually send it on web. I’ve been playing around with envelop, but can’t seem to figure out how to access the response headers.

This is my current login, to give context:

```ts
export const authLogin: MutationResolvers['authLogin'] = async ({ input }) => {
  let user: User;
  try {
    user = await db.user.findUniqueOrThrow({ where: { email: input.email } });
  } catch (e) {
    // P2025 is Prisma's "record not found" error code
    if (e?.code === 'P2025') {
      throw new RedwoodGraphQLError('User not found.');
    }
    logger.warn('Unknown error in Login', e);
    // Rethrow so execution never continues with `user` undefined
    throw e;
  }
  // Debug logging of user.passwordHash removed: password hashes should not be written to logs
  const match = await bcrypt.compare(input.password, user.passwordHash);

  if (!match) {
    throw new RedwoodGraphQLError('Incorrect password.');
  }
  // Signed session token, valid for 7 days
  const token = jwt.sign({ id: user.id, roles: user.roles }, process.env.SESSION_SECRET, {
    expiresIn: '7d',
  });

  return { id: user.id, token };
};
```

So the idea is that if I could set the token here as a cookie (in the same method dbAuth does), it would send automatically from the front end. Please correct me if I’m wrong, and I appreciate the help.

Thanks :slight_smile:
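The cookie idea described in the post above, as an added example that is not part of the original thread and is not Redwood's or dbAuth's own code: it builds the `Set-Cookie` value for the token and reads it back from a request's `Cookie` header. The cookie name `session`, the function names and the sample tokens are assumptions, and how the header is attached to the response in Redwood/envelop is not shown.

```javascript
// Added example (hypothetical names). Framework-agnostic: it only produces and
// parses header strings; wiring them into the response is out of scope.
const COOKIE_NAME = 'session';            // assumed cookie name
const MAX_AGE_SECONDS = 7 * 24 * 60 * 60; // matches the token's 7d expiry

// Value for the Set-Cookie response header after a successful login.
function buildSessionCookie(token) {
  return [
    `${COOKIE_NAME}=${encodeURIComponent(token)}`,
    'HttpOnly',        // not readable from page JavaScript
    'Secure',          // only sent over HTTPS
    'SameSite=Strict', // not attached to cross-site requests
    'Path=/',
    `Max-Age=${MAX_AGE_SECONDS}`,
  ].join('; ');
}

// Value for Set-Cookie on logout: same name and path, expires immediately.
function clearSessionCookie() {
  return `${COOKIE_NAME}=; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=0`;
}

// Extract the token from a request's Cookie header, or null if absent/malformed.
function readSessionCookie(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    // Exact name match, so "xsession=..." is not mistaken for "session=..."
    if (part.slice(0, eq).trim() !== COOKIE_NAME) continue;
    const raw = part.slice(eq + 1).trim();
    if (raw === '') return null;
    try {
      return decodeURIComponent(raw);
    } catch {
      return null; // malformed percent-encoding: treat as no session
    }
  }
  return null;
}

// Constructed sample values, not real tokens.
const sampleToken = 'aaa.bbb-ccc_ddd';
const sampleRequestCookie = `theme=dark; ${COOKIE_NAME}=${sampleToken}`;
console.log(buildSessionCookie(sampleToken));
console.log(readSessionCookie(sampleRequestCookie));
```

The value returned by `readSessionCookie` is still untrusted input; the auth decoder has to verify the token's signature and expiry before using its claims.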

Hi @JIGutierrez. Awesome to hear that you’re already playing with the new auth in our RC release :slightly_smiling_face:

I’d like to help you get this working, but I don’t know envelop well enough to point you in the right direction without some code to play around with. What you’re describing sounds good in theory, so we should be able to make this work.

Could you create a GitHub repo with what you’ve got so far? If the system you’re integrating with isn’t open I guess you’ll have to come up with a way of simulating it, which could be a bit of a pain, but for me, that’s probably the easiest way to help you.