Graphql-engine: Feature request: method to forcefully disconnect a websocket
In current version of hasura, when the user token (whatever you pass to the auth hook) is revoked (e.g. user logged out remotely or user credential changed), any websocket already connected to hasura will still work and their access will not be revoked. I'd like to request a method to disconnect one or all the websockets from a certain user ID, so when the user automatically reconnect, their token will be re-verified by the auth hook.
Jamesits
All 2 comments
Currently we enforce the expiry of authorization information in JWT mode (the connection gets closed after the expiration time as specified in the JWT). This is lacking in the webhook mode, maybe the webhook can specify the expiry time of the session with Expires header?
I'd like to request a method to disconnect one or all the websockets from a certain user ID, so when the user automatically reconnect, their token will be re-verified by the auth hook.
This I feel should be added as a part of a larger 'subscription management' APIs for an admin user.
0x777
on 30 Dec 2019
FYI, webhook mode respects Expires and Cache-Control values via https://github.com/hasura/graphql-engine/commit/5b54f9d76629383da854cc16fb9667ea36b96218
Read more here: https://hasura.io/docs/1.0/graphql/manual/auth/authentication/webhook.html#response
tirumaraiselvan
on 3 Jun 2020
Related issues
leoalves
路
3Comments
Fortidude
路
3Comments
tirumaraiselvan
路
3Comments
shahidhk
路
3Comments
lishine
路
3Comments
Most helpful comment
Currently we enforce the expiry of authorization information in JWT mode (the connection gets closed after the expiration time as specified in the JWT). This is lacking in the webhook mode, maybe the webhook can specify the expiry time of the session with
Expiresheader?This I feel should be added as a part of a larger 'subscription management' APIs for an
adminuser.