Auth Tokens

Scaphold seamlessly handles user authentication for you. Each Scaphold application comes with a default User model that includes a username and password used to authenticate your users. We securely encrypt and store each user's password and ensure that stored passwords are not readable.

Token

Logging in a user is simple. Use the loginUser mutation we provide, and we will return a JSON Web Token (JWT) if the credentials match. To authenticate a user, set the Authorization HTTP header of your request using the format Bearer {TOKEN_FROM_LOGIN_USER}.

This token tells your API which user is logged in at any given time and enables our permissions system to layer access control rules on your data.

Example loginUser query

curl -X POST https://us-west-2.api.scaphold.io/graphql/scaphold-graphql \
  -H "Content-Type: application/json" \
  -d '{"query": "mutation LoginUserQuery ($input: LoginUserInput!) { loginUser(input: $input) { token user { id username createdAt } } }",
    "variables": { "input": { "username": "elon@tesla.com", "password": "SuperSecretPassword" } } }'

import request from 'request';

const data = {
  "query": `mutation LoginUserQuery ($input: LoginUserInput!) {
    loginUser(input: $input) {
      token
      user {
        id
        username
        createdAt
      }
    }
  }`,
  "variables": {
    "input": {
      "username": "elon@tesla.com",
      "password": "SuperSecretPassword"
    }
  }
};

request({
  url: "https://us-west-2.api.scaphold.io/graphql/scaphold-graphql",
  method: "POST",
  json: true,
  headers: {
    "content-type": "application/json",
  },
  body: data
}, (error, response, body) => {
  if (!error && response.statusCode === 200) {
    console.log(JSON.stringify(body, null, 2));
  } else {
    // On a network error `response` is undefined, so guard before reading it.
    console.log(error);
    console.log(response && response.statusCode);
  }
});

The above command returns an object structured like this:

{
  "data": {
    "loginUser": {
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODI4ODI0ODgsImlhdCI6MTQ4MTU4NjQ4OCwiYXVkIjoiNDRiZTA4NmYtYmYzMy00OTk3LTgxMzYtOWMwMWQ5OWE4OGM0IiwiaXNzIjoiaHR0cHM6Ly9zY2FwaG9sZC5pbyIsInN1YiI6IjcifQ.TDRtD5vD7MIVrViDgVMThhzOzE_teufTo51a4GZ3aGA",
      "user": {
        "id": "VXNlcjo3",
        "username": "elon@tesla.com",
        "createdAt": "2016-12-08T20:43:14.000Z"
      }
    }
  }
}

Important: Use the token in the response in the header of future requests as:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODI4ODI0ODgsImlhdCI6MTQ4MTU4NjQ4OCwiYXVkIjoiNDRiZTA4NmYtYmYzMy00OTk3LTgxMzYtOWMwMWQ5OWE4OGM0IiwiaXNzIjoiaHR0cHM6Ly9zY2FwaG9sZC5pbyIsInN1YiI6IjcifQ.TDRtD5vD7MIVrViDgVMThhzOzE_teufTo51a4GZ3aGA
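
A client-side wrapper for the token handling described above, as an added example that is not Scaphold's own code: it reads the token's `exp` claim so an expired token is not sent, and it attaches the `Authorization: Bearer` header only to requests for the HTTPS API endpoint shown on this page. The function names are hypothetical, the sample token is constructed, and the decode step does not verify the signature (only the server can do that).

```javascript
// Added example (not Scaphold code). API_URL is the endpoint used on this page;
// every function name below is hypothetical.
const API_URL = 'https://us-west-2.api.scaphold.io/graphql/scaphold-graphql';

// Decode the JWT payload WITHOUT verifying the signature. Only the server holds
// the signing key, so treat these claims as a client-side hint, not as proof.
function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// True when the token has no numeric `exp` or expires within `leewaySec` seconds.
function isExpired(token, nowSec = Math.floor(Date.now() / 1000), leewaySec = 30) {
  const { exp } = decodeClaims(token);
  return typeof exp !== 'number' || exp - leewaySec <= nowSec;
}

// Build request headers, attaching the bearer token only to the HTTPS API host
// so it is never sent in cleartext or to a third-party server.
function authHeaders(token, url, nowSec) {
  const target = new URL(url);
  const api = new URL(API_URL);
  if (target.protocol !== 'https:' || target.host !== api.host) {
    throw new Error('refusing to send token to ' + target.origin);
  }
  if (isExpired(token, nowSec)) throw new Error('token expired; call loginUser again');
  return { 'Content-Type': 'application/json', Authorization: 'Bearer ' + token };
}

// Constructed sample token with a fake signature, for demonstration only.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'HS256', typ: 'JWT' }), enc(claims), 'constructed-signature'].join('.');
}

const sample = makeSampleToken({ sub: '7', iat: 1700000000, exp: 1700003600 });
const headers = authHeaders(sample, API_URL, 1700000100);
console.log('header attached for subject', decodeClaims(sample).sub, Object.keys(headers));
```

Avoid logging the token or the full header value; anyone who holds the token can act as that user until it expires.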