I am a certified trainer that likes to share my knowledge with the world.
Also, I am an adopter of continuous learning and evolving idea.
https://dev.to/wolfiton/who-am-i-3lj7
First of all graphql creates a great api that combined with a ssr framework on the frontend creates a great user experience and can serve many clients, from mobile to OS. if you know what stacks to use.
JWT has big security problems, I would use a http cookie any day over jwt.
I already assumed that you know that graphql will be used with a frontend and i don't have to mention that.
As said you lack some knowledge here. Cookies can also be hijacked. Http cookies contain JWT itself sometimes. The thing you want to complain about is local storage which was prooven to have quite same security as cookies since there's other ways to exploit them.
Why are you saying "you don't use api but graphql" and once I pointed out "that graphql is in fact api" you go explaining it like I'm saying something bad about it? I'm pointing out that I have background services communicating with each other without any user doing anything. You'll need to work with much more complex system to understand my point. You can have graphql calling other services including other grpahql or other types of API where you're sending jwt between them and user has no direct communication with these ones. Point is graphql has nothing to do with the things I'm talking about.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
First of all graphql creates a great api that combined with a ssr framework on the frontend creates a great user experience and can serve many clients, from mobile to OS. if you know what stacks to use.
JWT has big security problems, I would use a http cookie any day over jwt.
I already assumed that you know that graphql will be used with a frontend and i don't have to mention that.
As said you lack some knowledge here. Cookies can also be hijacked. Http cookies contain JWT itself sometimes. The thing you want to complain about is local storage which was prooven to have quite same security as cookies since there's other ways to exploit them.
Why are you saying "you don't use api but graphql" and once I pointed out "that graphql is in fact api" you go explaining it like I'm saying something bad about it? I'm pointing out that I have background services communicating with each other without any user doing anything. You'll need to work with much more complex system to understand my point. You can have graphql calling other services including other grpahql or other types of API where you're sending jwt between them and user has no direct communication with these ones. Point is graphql has nothing to do with the things I'm talking about.