I would recommend just inspecting a graphql query you send while you are logged in and make a request, using your browsers network tools. Chrome has a great utility of copying any query you sent in a bunch of script-ready formats, like a call to cURL or fetch, including any headers you sent along.
Yes this is what I have been doing so far. I have been able to grab the auth token in this way but I imagine it will expire sooner or later and I was hoping to be able to programatically acquire an auth token. Based on the source in this file it looks like you’re using Meteor to manage authentication. For password-based authentication (as opposite to oauth via google/fb/github) are you also using Meteor?
Interestingly, I see the username and a hash of the password being sent to a sockjs endpoint. Does authentication happen via a websocket?!
We sadly don’t really have any infrastructure set up to hand out programmatic auth tokens, but I think we set the expiration date to something like 5 years, so I don’t think you should run into much of an issue.
And yeah, Meteor generally communicates over websockets. So my guess is that includes the auth part.
I would recommend just inspecting a graphql query you send while you are logged in and make a request, using your browsers network tools. Chrome has a great utility of copying any query you sent in a bunch of script-ready formats, like a call to cURL or fetch, including any headers you sent along.
Yes this is what I have been doing so far. I have been able to grab the auth token in this way but I imagine it will expire sooner or later and I was hoping to be able to programatically acquire an auth token. Based on the source in this file it looks like you’re using Meteor to manage authentication. For password-based authentication (as opposite to oauth via google/fb/github) are you also using Meteor?
Interestingly, I see the username and a hash of the password being sent to a sockjs endpoint. Does authentication happen via a websocket?!
Yep, all auth currently happens via Meteor.
We sadly don’t really have any infrastructure set up to hand out programmatic auth tokens, but I think we set the expiration date to something like 5 years, so I don’t think you should run into much of an issue.
And yeah, Meteor generally communicates over websockets. So my guess is that includes the auth part.