-
-
Notifications
You must be signed in to change notification settings - Fork 455
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Async Client fetchOptions support #794
Comments
Hey, I like the idea since it solves cases for react-native,... as well, if only the fetchExchange has to worry about this we should be fine. Just a sidenote: at this moment in time we advise this to be solved in an exchange https://formidable.com/open-source/urql/docs/common-questions/#how-do-we-achieve-asynchronous-fetchoptions |
Huh... that's pretty elegant... I had missed that in the docs. This'll need a |
Yes, I guess so. Was thinking if we could change that but it would be bad for us to assume everyone knows they have to add that then. |
If you want I can take a stab at implementing the change over the weekend if you think it has merit. Let me know :) |
Just linking some related issues:
I think to explain this, this was hard for us to make a decision on, because philosophically two of our ideals are at odds with that request:
The problem here fundamentally is that I think there are good arguments to finally add this though, since we now have a central place to put it, but the concerns around guiding people to use more exchanges still stands. But as it currently is, we don't provide something like a |
Hmmm... Question; for NodeJS usage, would you generally recommend creating a client instance per request (or event etc)? |
@StevenLangbroek Yes, otherwise it’s pretty likely to accidentally leak authenticated data (unless your SSR instance never sends a token of course) Edit: Actually, in good old Redux-land, I used to have either cars frequently; where SSR servers hurt render unauthenticated app-shells sometimes |
I think we now have two competing ideas in here, but with the addition of #815 it may actually alleviate the underlying problem. We also have #796 but aren't sure yet whether that'll go forward and be finalised. The reason why |
I understand. I'm totally fine with abstracting client creation away into an async function that happens on every request, rather than overloading fetchOptions further. Feel free to close. Thanks for the thoughtful discussion 🙏 |
@StevenLangbroek that sounds like it’d clear your cache on every request as well 😅 Have you seen this Gist? It’ll probably soon be integrated into the docs as a “recipe” to write a more complex auth exchange. https://gist.github.com/kitten/6050e4f447cb29724546dd2e0e68b470 |
Oh interesting, I'll share that with colleagues. Thanks! For us requests are all user-bound anyway so sharing cache between requests would potentially have security implications. |
This will hopefully be solved by the more specific approach of #939 |
Closed since #939 is merged. Let's see how that goes for now! 🙌 |
Summary
We use Keycloak as a service-to-service authentication layer, and want to use URQL on server. Grabbing a (JWT) access token means reaching out to it over the network, and tokens have a low TTL with a refresh token. The way we could resolve this with current implementation is "hacky", in pseudo-code:
This kind of works (I know it can be made to work correctly), but there's a real chance that if this server is under high load that some requests miss their token while a new one is being requested. Making this code work just gets more and more awkward...
Proposed Solution
I understand this has potential performance implications, but what if
fetchOptions
's function form has this signature instead of the existing one?This would quite elegantly solve our problem:
Requirements
The text was updated successfully, but these errors were encountered: