### Configure Composer.json to Reduce Installation Size (Extra) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/getting-started/installation.md Add this configuration to the 'extra' block in your composer.json file to specify which Google packages to include, further optimizing installation size. ```json "extra": { "google/apiclient-services": ["Oauth2"] } ``` -------------------------------- ### Configure Composer.json to Reduce Installation Size (Scripts) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/getting-started/installation.md Add this script to your composer.json file to clean up Google packages during installation, reducing the overall size of your project dependencies. ```json "scripts": { "pre-autoload-dump": "Google\\Task\\Composer::cleanup" } ``` -------------------------------- ### Start Local Docusaurus Development Server Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/README.md Starts a local development server for Docusaurus. Changes are reflected live without server restart. ```shell yarn start ``` -------------------------------- ### Install Docusaurus Dependencies Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/README.md Installs the necessary dependencies for the Docusaurus project using Yarn. ```shell yarn install ``` -------------------------------- ### Install GraphQL Authentication Plugin with Composer Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/getting-started/installation.md This command installs the GraphQL Authentication plugin for Craft CMS using Composer. It requires you to navigate to your Craft project directory first. ```bash cd /path/to/project composer require jamesedmonston/graphql-authentication ``` -------------------------------- ### Twitter Authentication Flow (GraphQL) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/social.md Facilitates authentication through Log in with Twitter. The process starts with the `twitterOauthUrl` query to get an authorization URL. After user authentication on Twitter, they are redirected back with `oauthToken` and `oauthVerifier` parameters. These are then used in the `twitterSignIn` mutation to obtain JWT tokens and user information. ```APIDOC query TwitterOauthUrl { twitterOauthUrl } /* Example Response: { "data": { "twitterOauthUrl": "https://api.twitter.com/oauth/authorize?oauth_token=..." } } */ mutation TwitterSignIn($oauthToken: String!, $oauthVerifier: String!) { twitterSignIn( oauthToken: $oauthToken oauthVerifier: $oauthVerifier ) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } } } /* Example Response: { "data": { "twitterSignIn": { "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDcmFmdENNUyIsImlhdCI6MTYwNzIyMjg5MywiZXhwIjoxNjA3MjI0NjkzLCJzdWIiOi...", "jwtExpiresAt": 1607224693, "refreshToken": "eu5l-FkvTaWEzIt38QFR8ETx5PIS706P", "refreshTokenExpiresAt": 1614998893, "user": { "id": "1", "fullName": "James Edmonston" } } } } */ ``` -------------------------------- ### Apple OAuth and Sign-In Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/social.md Guides users through the process of authenticating with Apple using GraphQL. It involves fetching an OAuth URL, redirecting the user, and then signing them in with the received code and state. ```APIDOC Apple Authentication: 1. Get Apple OAuth URL: Query: appleOauthUrl Description: Retrieves the authorization URL for Apple Sign In. Returns: - appleOauthUrl (string): The URL to redirect the user to for Apple authentication. 2. User Authentication via Apple: Redirect the user to the URL obtained from `appleOauthUrl`. After successful authentication, Apple redirects the user back to your specified Redirect URL with 'code' and 'state' as POST parameters. 3. Sign In with Apple: Mutation: appleSignIn Description: Authenticates and registers users using the code and state received from Apple's redirect. This mutation handles both authentication and user creation. It may throw a 'Cannot find matching user' error if registration is disabled and no user with that email exists. Parameters: - code (string): The authorization code received from Apple. - state (string): The state parameter received from Apple. Returns: - jwt (string): The JSON Web Token for the authenticated user. - jwtExpiresAt (integer): The expiration timestamp for the JWT. - refreshToken (string): The refresh token for obtaining new JWTs. - refreshTokenExpiresAt (integer): The expiration timestamp for the refresh token. - user (object): Information about the authenticated user. - id (string): The user's unique identifier. - fullName (string): The user's full name. Note: If 'Permission Type' is set to 'Multiple Schemas', specific mutations like `appleSignInUser` or `appleSignInBusiness` may be available. ``` ```graphql query AppleOauthUrl { appleOauthUrl } mutation AppleSignIn($code: String!, $state: String!) { appleSignIn(code: $code, state: $state) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } } } ``` -------------------------------- ### Microsoft OAuth and Sign-In Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/social.md Guides users through the process of authenticating with Microsoft using GraphQL. It involves fetching an OAuth URL, redirecting the user, and then signing them in with the received code and state. ```APIDOC Microsoft Authentication: 1. Get Microsoft OAuth URL: Query: microsoftOauthUrl Description: Retrieves the authorization URL for Microsoft Login. Returns: - microsoftOauthUrl (string): The URL to redirect the user to for Microsoft authentication. 2. User Authentication via Microsoft: Redirect the user to the URL obtained from `microsoftOauthUrl`. After successful authentication, Microsoft redirects the user back to your specified Redirect URL with a 'code' query parameter. 3. Sign In with Microsoft: Mutation: microsoftSignIn Description: Authenticates and registers users using the code and state received from Microsoft's redirect. This mutation handles both authentication and user creation. It may throw a 'Cannot find matching user' error if registration is disabled and no user with that email exists. Parameters: - code (string): The authorization code received from Microsoft. - state (string): The state parameter received from Microsoft. Returns: - jwt (string): The JSON Web Token for the authenticated user. - jwtExpiresAt (integer): The expiration timestamp for the JWT. - refreshToken (string): The refresh token for obtaining new JWTs. - refreshTokenExpiresAt (integer): The expiration timestamp for the refresh token. - user (object): Information about the authenticated user. - id (string): The user's unique identifier. - fullName (string): The user's full name. Note: If 'Permission Type' is set to 'Multiple Schemas', specific mutations like `microsoftSignInUser` or `microsoftSignInBusiness` may be available. ``` ```graphql query MicrosoftOauthUrl { microsoftOauthUrl } mutation MicrosoftSignIn($code: String!, $state: String!) { microsoftSignIn(code: $code, state: $state) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } } } ``` -------------------------------- ### Get Authenticated User Details (GraphQL) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/user-details.md Fetches the currently authenticated user's ID and full name using the `viewer` query. This is a read-only operation. ```APIDOC query Viewer { viewer { id fullName } } // Returns: { "data": { "viewer": { "id": "1", "fullName": "James Edmonston" } } } ``` -------------------------------- ### Add Custom JWT Validation Constraint (PHP) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/modifying-jwts.md This example shows how to add custom validation rules to JWTs. By listening to the JwtValidateEvent, developers can integrate specific checks, such as verifying an 'IssuedBy' claim, ensuring the token's integrity beyond the default secret key validation. ```php config; $validator = new IssuedBy('Custom Validator'); $config->setValidationConstraints($validator); } } ``` -------------------------------- ### Deploy Docusaurus Website to GitHub Pages Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/README.md Builds the website and deploys it to the 'gh-pages' branch, suitable for GitHub Pages hosting. ```shell GIT_USER= USE_SSH=true yarn deploy ``` -------------------------------- ### Build Docusaurus Static Website Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/README.md Generates static content for the website into the 'build' directory, ready for hosting. ```shell yarn build ``` -------------------------------- ### Register User Mutation Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/authentication.md Enables new user registration with email, password, full name, and optional custom fields. Returns authentication tokens and user information. ```APIDOC mutation Register { register( email: "james@testingthings.com" password: "testing123" fullName: "James Edmonston" customField: "A value" ) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName ... on User { customField } } } } // returns { "data": { "register": { "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDcmFmdENNUyIsImlhdCI6MTYwNzIyMjg5MywiZXhwIjoxNjA3MjI0NjkzLCJzdWIiO...", "jwtExpiresAt": 1607224693, "refreshToken": "eu5l-FkvTaWEzIt38QFR8ETx5PIS706P", "refreshTokenExpiresAt": 1614998893, "user": { "id": "1", "fullName": "James Edmonston", "customField": "A value" } } } } ``` -------------------------------- ### GraphQL Password Management Mutations Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/authentication.md Provides documentation for GraphQL mutations used in password management workflows. This includes initiating a password reset via email and setting a new password using a reset token. ```APIDOC mutation ForgottenPassword($email: String!) # Initiates the password reset process by sending an email to the specified address. # Requires a valid email address as input. # Returns a confirmation message indicating that an email will be sent if the account exists. # Example: # mutation ForgottenPassword { # forgottenPassword(email: "user@example.com") # } # Returns: # "You will receive an email if it matches an account in our system" forgottenPassword(email: String!): String mutation SetPassword($password: String!, $code: String!, $id: String!) # Sets a new password for a user after a password reset has been initiated. # Requires the new password, a reset code, and the user's ID, typically obtained from a password reset email link. # Parameters: # password: The new password for the user. # code: The reset token provided in the password reset email. # id: The unique identifier for the user account. # Returns a success message upon successful password update. # Example: # mutation SetPassword { # setPassword(password: "newSecurePassword123", code: "reset_code_from_email", id: "user_id_from_email") # } # Returns: # "Successfully saved password" setPassword(password: String!, code: String!, id: String!): String ``` -------------------------------- ### Activate User Mutation Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/authentication.md Activates a user account using a unique activation code and user ID, typically obtained from an activation email link. The mutation returns a success message. ```APIDOC mutation ActivateUser { activateUser( code: "aY6MHG5NhKvA5tzrxKXuAvOLKca3fjJQ" id: "b50acbd9-c905-477a-a3f5-d0972a5a4356" ) } // returns { "data": { "activateUser": "Successfully activated user" } } ``` -------------------------------- ### GraphQL Entry and Asset Queries Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/extra/fyi.md Demonstrates how GraphQL queries for entries and assets are restricted to the current user's data by default, acting as a security fallback. It explains the impact of including section or volume arguments on permission checks and potential pagination issues. ```GraphQL query Entries { entries(limit: 5) { id title } } ``` -------------------------------- ### PHP Authenticate Mutation Logic Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/extra/fyi.md Illustrates the backend logic for the GraphQL `authenticate` mutation, which involves temporarily granting control panel access to a user if they don't already have it, before attempting authentication. It shows how permissions are managed before and after the authentication attempt. ```PHP $userPermissions = $permissions->getPermissionsByUserId($user->id); if (!in_array('accessCp', $userPermissions)) { $permissions->saveUserPermissions($user->id, array_merge($userPermissions, ['accessCp'])); } if (!$user->authenticate($password)) { $permissions->saveUserPermissions($user->id, $userPermissions); throw new Error($error); } $permissions->saveUserPermissions($user->id, $userPermissions); ``` -------------------------------- ### Authenticate User Mutation Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/authentication.md Allows users to log in by providing their email and password. Returns JWT, expiration times, and user details upon successful authentication. ```APIDOC mutation Authenticate { authenticate( email: "james@testingthings.com" password: "testing123" ) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } } } // returns { "data": { "authenticate": { "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDcmFmdENNUyIsImlhdCI6MTYwNzIyMjg5MywiZXhwIjoxNjA3MjI0NjkzLCJzdWIiOi...", "jwtExpiresAt": 1607224693, "refreshToken": "eu5l-FkvTaWEzIt38QFR8ETx5PIS706P", "refreshTokenExpiresAt": 1614998893, "user": { "id": "1", "fullName": "James Edmonston" } } } } ``` -------------------------------- ### GraphQL Magic Authentication API Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/magic-authentication.md Provides mutations for implementing magic link authentication. Includes sending a magic link via email and verifying the magic code received by the user to obtain authentication tokens. ```graphql mutation SendMagicLink($email: String!) { sendMagicLink(email: $email) } # Example Response for sendMagicLink: # { # "data": { # "sendMagicLink": "You will receive an email if it matches an account in our system" # } # } mutation VerifyMagicCode($code: String!, $email: String!) { verifyMagicCode(code: $code, email: $email) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } } } # Example Response for verifyMagicCode: # { # "data": { # "verifyMagicCode": { # "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDcmFmdENNUyIsImlhdCI6MTYwNzIyMjg5MywiZXhwIjoxNjA3MjI0NjkzLCJzdWIiOi...", # "jwtExpiresAt": 1607224693, # "refreshToken": "eu5l-FkvTaWEzIt38QFR8ETx5PIS706P", # "refreshTokenExpiresAt": 1614998893, # "user": { # "id": "1", # "fullName": "James Edmonston" # } # } # } # } ``` -------------------------------- ### Craft CMS allowedGraphqlOrigins Configuration Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/signing-requests.md Configuration setting in Craft CMS's general.php file to allow specific origins for GraphQL requests. This is necessary when using external tools like Hasura's GraphiQL for testing. ```php $config['allowedGraphqlOrigins'] = [ 'https://cloud.hasura.io/public/graphiql', // other origins... ]; ``` -------------------------------- ### Apache CGIPassAuth Configuration Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/signing-requests.md Configuration directive for Apache to pass authorization headers to CGI scripts. Essential for ensuring GraphQL authorization headers are not blocked. ```apache CGIPassAuth On ``` -------------------------------- ### GraphQL Two-Factor Authentication API Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/two-factor-authentication.md This entry consolidates all GraphQL operations related to Two-Factor Authentication. It includes mutations for generating QR codes and secrets, verifying 2FA codes, disabling 2FA, and queries to check the 2FA status of a user. It also details how the standard authentication mutation behaves when 2FA is enabled. ```APIDOC GraphQL Two-Factor Authentication API: --- **Generate Two-Factor QR Code** Mutation: ```graphql mutation GenerateTwoFactorQrCode { generateTwoFactorQrCode } ``` Returns: ```json { "data": { "generateTwoFactorQrCode": "data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIj8..." } } ``` Description: Generates a QR code for the authenticated user to scan with their authenticator app. --- **Generate Two-Factor Secret Code** Mutation: ```graphql mutation GenerateTwoFactorSecretCode { generateTwoFactorSecretCode } ``` Returns: ```json { "data": { "generateTwoFactorSecretCode": "TWWBO37WUORAMBX7EXSJKR3..." } } ``` Description: Generates the secret code for the authenticated user, which can be manually entered into an authenticator app. --- **Verify Two-Factor Code** Mutation: ```graphql mutation VerifyTwoFactor( $email: String! $password: String! $code: String! ) { verifyTwoFactor( email: $email password: $password code: $code ) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } } } ``` Parameters: - `email` (String!): The user's email address. - `password` (String!): The user's password. - `code` (String!): The 6-digit code from the authenticator app. Returns: User authentication tokens and user details upon successful verification. ```json { "data": { "verifyTwoFactor": { "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDcmFmdENNUyIsImlhdCI6MTYwNzIyMjg5MywiZXhwIjoxNjA3MjI0NjkzLCJzdWIiOi...", "jwtExpiresAt": 1607224693, "refreshToken": "eu5l-FkvTaWEzIt38QFR8ETx5PIS706P", "refreshTokenExpiresAt": 1614998893, "user": { "id": "1", "fullName": "James Edmonston" } } } } ``` Description: Enables Two-Factor Authentication for a user and authenticates them if 2FA is already enabled. --- **Authenticate (with 2FA check)** Mutation: ```graphql mutation Authenticate( $email: String! $password: String! ) { authenticate( email: $email password: $password ) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } requiresTwoFactor } } ``` Parameters: - `email` (String!): The user's email address. - `password` (String!): The user's password. Returns: If Two-Factor is enabled, authentication tokens will be null, and `requiresTwoFactor` will be true. ```json { "data": { "authenticate": { "jwt": null, "jwtExpiresAt": null, "refreshToken": null, "refreshTokenExpiresAt": null, "user": null, "requiresTwoFactor": true } } } ``` Description: Standard authentication mutation. If the user has 2FA enabled, it returns `requiresTwoFactor: true` instead of authentication tokens. --- **Check Two-Factor Enabled Status** Query: ```graphql query TwoFactorEnabled { twoFactorEnabled } ``` Returns: ```json { "data": { "twoFactorEnabled": false } } ``` Description: Checks if the authenticated user has Two-Factor Authentication enabled. --- **Disable Two-Factor** Mutation: ```graphql mutation DisableTwoFactor( $password: String! $confirmPassword: String! ) { disableTwoFactor( password: $password confirmPassword: $confirmPassword ) } ``` Parameters: - `password` (String!): The user's current password. - `confirmPassword` (String!): Confirmation of the user's current password. Returns: ```json { "data": { "disableTwoFactor": false } } ``` Description: Disables Two-Factor Authentication for the authenticated user. Requires current password confirmation. ``` -------------------------------- ### Facebook Authentication Flow (GraphQL) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/social.md Handles authentication via Facebook Login. It involves two steps: first, obtaining an OAuth URL using `facebookOauthUrl`, and second, using the returned `code` from the redirect to call the `facebookSignIn` mutation. The mutation authenticates and registers users, returning JWT tokens and user details. ```APIDOC query FacebookOauthUrl { facebookOauthUrl } /* Example Response: { "data": { "facebookOauthUrl": "https://www.facebook.com/login.php?..." } } */ mutation FacebookSignIn($code: String!) { facebookSignIn(code: $code) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } } } /* Example Response: { "data": { "facebookSignIn": { "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDcmFmdENNUyIsImlhdCI6MTYwNzIyMjg5MywiZXhwIjoxNjA3MjI0NjkzLCJzdWIiOi...", "jwtExpiresAt": 1607224693, "refreshToken": "eu5l-FkvTaWEzIt38QFR8ETx5PIS706P", "refreshTokenExpiresAt": 1614998893, "user": { "id": "1", "fullName": "James Edmonston" } } } } */ ``` -------------------------------- ### JWT Authorization Header Format Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/signing-requests.md Specifies the required format for passing JWT tokens in the Authorization header for GraphQL requests. The token must be prefixed with 'JWT '. ```http Authorization: JWT ${token} ``` -------------------------------- ### Resend Activation Email Mutation Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/authentication.md Sends a new activation email to a specified user email address if an account matching the email exists in the system. The response indicates if an email was sent. ```APIDOC mutation ResendActivation { resendActivation(email: "james@testingthings.com") } // returns { "data": { "resendActivation": "You will receive an email if it matches an account in our system" } } ``` -------------------------------- ### Google Sign-In Mutation (GraphQL) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/social.md Authenticates and registers users via Google Sign-In. It requires an `idToken` as input. The mutation returns JWT tokens, expiration times, and user details. It may throw an error if registration is disabled and no matching user exists. ```APIDOC mutation GoogleSignIn($idToken: String!) { googleSignIn(idToken: $idToken) { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt user { id fullName } } } /* Example Response: { "data": { "googleSignIn": { "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDcmFmdENNUyIsImlhdCI6MTYwNzIyMjg5MywiZXhwIjoxNjA3MjI0NjkzLCJzdWIiOi...", "jwtExpiresAt": 1607224693, "refreshToken": "eu5l-FkvTaWEzIt38QFR8ETx5PIS706P", "refreshTokenExpiresAt": 1614998893, "user": { "id": "1", "fullName": "James Edmonston" } } } } */ ``` -------------------------------- ### Delete User Account (GraphQL) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/user-details.md Deletes the authenticated user's account. Requires the user's current password for confirmation and a second confirmation of the password. Returns a success message upon completion. ```APIDOC mutation DeleteAccount($password: String!, $confirmPassword: String!) { deleteAccount( password: $password confirmPassword: $confirmPassword ) } // Example Variables: { "password": "testing1234", "confirmPassword": "testing1234" } // Returns: { "data": { "deleteAccount": "Successfully deleted account" } } ``` -------------------------------- ### Refresh JWT Mutation Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/authentication.md Renews a user's JSON Web Token (JWT) using a refresh token. Returns new JWT and refresh token details. Browser requests automatically use the refresh token cookie. ```APIDOC mutation RefreshToken { refreshToken(refreshToken: "Bc7xqt6ri5vFEzIEXRo-Z0CxgG0RqF_L") { jwt jwtExpiresAt refreshToken refreshTokenExpiresAt } } // returns { "data": { "refreshToken": { "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDcmFmdENNUyIsImlhdCI6MTYwNzIyMjg5MywiZXhwIjoxNjA3MjI0NjkzLCJzdWIiO...", "jwtExpiresAt": 1607224693, "refreshToken": "eu5l-FkvTaWEzIt38QFR8ETx5PIS706P", "refreshTokenExpiresAt": 1614998893, } } } ``` -------------------------------- ### Update User Password (GraphQL) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/user-details.md Allows the authenticated user to change their password by providing the current password and the new password twice for confirmation. Returns a success message upon completion. ```APIDOC mutation UpdatePassword($currentPassword: String!, $newPassword: String!, $confirmPassword: String!) { updatePassword( currentPassword: $currentPassword newPassword: $newPassword confirmPassword: $confirmPassword ) } // Example Variables: { "currentPassword": "testing123", "newPassword": "testing1234", "confirmPassword": "testing1234" } // Returns: { "data": { "updatePassword": "Successfully updated password" } } ``` -------------------------------- ### Update Authenticated User Details (GraphQL) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/user-details.md Updates the authenticated user's profile, including their full name, custom fields, and photo. Sending `photo` as `null` removes the user's avatar. The `photo` input requires `fileData` and `filename`. ```APIDOC mutation UpdateViewer($fullName: String!, $customField: String, $photo: Upload) { updateViewer( fullName: $fullName customField: $customField photo: $photo ) { id fullName photo { id url } ... on User { customField } } } // Example Variables: { "fullName": "Jerry Jackson", "customField": "A value", "photo": null // or upload file data } // Returns: { "data": { "updateViewer": { "id": "1", "fullName": "Jerry Jackson", "photo": { "id": "123", "url": "https://plugins.localhost/uploads/avatar.jpg" }, "customField": "A value" } } } ``` -------------------------------- ### Delete All Refresh Tokens Mutation Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/authentication.md Removes all refresh tokens associated with a user account, invalidating all active sessions. This mutation does not require arguments. ```APIDOC mutation DeleteRefreshTokens { deleteRefreshTokens } // returns { "data": { "deleteRefreshTokens": true } } ``` -------------------------------- ### Add Custom Claims to JWT Payload (PHP) Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/modifying-jwts.md This snippet demonstrates how to add custom data (claims) to a JWT payload. It utilizes the JwtCreateEvent from the graphql-authentication library to hook into the JWT creation process, allowing developers to inject user-specific information like a username. ```json { "iss": "CraftCMS", "iat": 1607255926, "exp": 1607257726, "sub": "21", "fullName": "James Edmonston", "email": "james@testingthings.com", "groups": ["User"], "schema": "User", "admin": "0" } ``` ```php builder; $user = $event->user; $builder->withClaim('username', $user->username); } } ``` ```json { "iss": "CraftCMS", "iat": 1607255926, "exp": 1607257726, "sub": "21", "fullName": "James Edmonston", "email": "james@testingthings.com", "groups": ["User"], "schema": "User", "admin": "0", "username": "jamesedmonston" } ``` -------------------------------- ### Delete Current Refresh Token Mutation Source: https://github.com/jamesedmonston/graphql-authentication-docs/blob/develop/docs/usage/authentication.md Deletes the currently active refresh token for a user. Accepts an optional refresh token argument; browser requests use the refresh token cookie. ```APIDOC mutation DeleteRefreshToken { deleteRefreshToken(refreshToken: "Bc7xqt6ri5vFEzIEXRo-Z0CxgG0RqF_L") } // returns { "data": { "deleteRefreshToken": true } } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.