MERN Stack & GraphQL - #9 Authentication (Part 1)
In this tutorial, we begin implementing session auth in GraphQL. If you are unsure about sessions vs. tokens, you might want to first check out Authentication on the Web: https://youtu.be/2PPSXonhIck
This episode is also based on express-session middleware, so if it sounds novel to you, please watch Session Authentication in Express: https://youtu.be/OH6Z0dJ_Huk

Before we get into auth, we'll set up a local .env file to manage config variables, and simplify password validation to make it more user-friendly. Our .env is intended only for the dev environment, so that we don't hard-code secrets and other vars into our source code. See the reasoning behind it in this video: https://youtu.be/14zY-u9EBCU

Once env vars and validation are squared away, we'll dive headfirst into auth. We'll start by incorporating express-session, then create an auth module with helper functions to keep the code DRY, and finally wire it up to the user resolvers.

Because in-memory sessions are non-persistent, meaning they are cleared out when the server shuts down, and because nodemon restarts our server frequently in dev, we'll use a Redis session store to keep our sessions alive between reboots. Redis is a perfect key-value cache for sessions, because it lets us create temporary entries that auto-expire after a given TTL (time to live). To integrate with Redis, we'll configure our app with connect-redis: https://www.npmjs.com/package/connect-redis

As far as setting up Redis, I decided to go with RaaS, or Redis-as-a-Service, offered by Redis Labs: https://redislabs.com
It offers a free tier that we can use for development. Otherwise, you could spin up a local Redis server on localhost:6379, or connect to a Docker container instead.

In the follow-up video, we'll flesh out our auth functions, finish login, register, and logout functionality, and conclude with a demo. See you then!
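As an added example (not code from the video or its repository), here is one way to turn the .env values into express-session options and a matching Redis TTL, failing at startup when a secret is missing or weak. The env var names (SESS_SECRET, SESS_LIFETIME_MS, REDIS_URL), the cookie name, the 32-character minimum and the shape of the returned object are assumptions made for this sketch.

```javascript
// Added example: builds session settings from env vars instead of hard-coded values.
// Env var names and the returned object's shape are assumptions, not the tutorial's code.
function buildSessionConfig(env) {
  const inProd = env.NODE_ENV === 'production';
  const secret = env.SESS_SECRET;
  // Refuse to start rather than sign session cookies with a missing or short secret.
  if (typeof secret !== 'string' || secret.length < 32) {
    throw new Error('SESS_SECRET must be set to at least 32 characters');
  }
  const lifetimeMs = Number(env.SESS_LIFETIME_MS || 1000 * 60 * 60 * 2); // default: 2 hours
  if (!Number.isInteger(lifetimeMs) || lifetimeMs <= 0) {
    throw new Error('SESS_LIFETIME_MS must be a positive integer');
  }
  // The Redis URL may embed a password, which is why it lives in .env and not in source.
  const scheme = env.REDIS_URL ? new URL(env.REDIS_URL).protocol : '';
  if (scheme !== 'redis:' && scheme !== 'rediss:') {
    throw new Error('REDIS_URL must be a redis:// or rediss:// URL');
  }
  return {
    // Options object for express-session (the store instance is attached by the caller).
    session: {
      name: 'sid',
      secret,
      resave: false,            // don't rewrite unchanged sessions to the store
      saveUninitialized: false, // don't create store entries for anonymous visitors
      cookie: { maxAge: lifetimeMs, httpOnly: true, sameSite: 'lax', secure: inProd },
    },
    // Values for the Redis client and for connect-redis's `ttl` option (seconds),
    // derived from the cookie lifetime so the store entry and cookie expire together.
    redis: { url: env.REDIS_URL, ttlSeconds: Math.ceil(lifetimeMs / 1000) },
  };
}

// Constructed sample values standing in for a dev .env file.
const sampleEnv = {
  NODE_ENV: 'development',
  SESS_SECRET: 'constructed-sample-secret-0123456789abcdef',
  SESS_LIFETIME_MS: '7200000',
  REDIS_URL: 'redis://localhost:6379',
};
const sampleConfig = buildSessionConfig(sampleEnv);
console.log(sampleConfig.session.cookie, sampleConfig.redis);
```
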