Authenticator vs Visitor about examples HOT 4 CLOSED

The above refers to: setup.sh in this example. But I see that the same terms are used in the Postgraphile Starter (full-stack opinionated example).

from examples.

If I'm understanding the explanation correctly, a query by a non-verified user will be as an "Authenticator." And once the user logs in/gets verified, then the queries will be ran as a "Visitor." Could someone verify this is the correct understanding?

This is not correct. Everyone who visits the site is a visitor (except potentially you might add different roles in future such as "admin") - so whether you're logged in or not you're a visitor. The authenticator is the role that authenticates against the database (i.e. has a password, is used in the PostgreSQL connection string) and can then switch into the relevant role for the user once it has authenticated them ("yes, I believe you are use 27", or "yes, I believe you are an anonymous visitor"). The roles the authenticator can switch to (such as "visitor") do not have passwords - you cannot access them directly, only via the authenticator. In this repository so far the authenticator always changes into the "visitor" role when serving a GraphQL request, but you could expand the list of potential roles in future, e.g. adding "admin", "manager", "backup", etc. Note the authenticator role has both more and fewer privileges than "visitor" - it has the "noinherit" flag so it cannot do anything itself (we've not granted it any table/schema privileges), however it can switch into more powerful roles that can do the things we grant.

The rest of your questions stem from the above misunderstanding, so hopefully this clears things up.

Please could you point to where the explanation was that confused you? I'd like to have a go at making the wording more clear.

from examples.

Hi Benjie, thanks for the quick reply and the clarification! My apologies for the misunderstanding.

I believe my confusion came from the terms changing from the different names used for each of the example/tutorial.
Main documentation (https://www.graphile.org/postgraphile/default-role/) uses auth_user.
Forum example (https://github.com/graphile/postgraphile/blob/master/examples/forum/schema.sql) uses forum_example_postgraphile, forum_example_person, forum_example_anonymous.
Full-stack Starter (https://github.com/graphile/starter) uses Owner, Authenticator and Visitor.

Granted each of them are doing things slightly differently, but it somewhat confused me as an inexperienced programmer/graphql/postgraphile user.

Are there any schema examples of a schema that uses multiple roles using sessions? The main documentation uses jwt, but it looks like even you have moved away from jwt and is using sessions (postgres or redis) to manage the roles.
The Full-stack Starter uses one Visitor but with is_admin value for app_public.users, which I assume means it is intended that all queries happen with the Visitor but the query will be verified/filtered in the backend. I believe you intend the additional roles to be administered in the async pgSettings(req) function (@app/server/src/middleware/installPostGraphile.ts row 199), is that correct? get the query, and then issue the role object? I see your comment in row 209 ("Everyone uses the "visitor" role currently").

Thank you so much for your effort in building/maintaining such an amazing software.

from examples.

I believe my confusion came from the terms changing from the different names used for each of the example/tutorial.

Fair enough; there's lots of potential ways of building valid schemas with PostGraphile.

Are there any schema examples of a schema that uses multiple roles using sessions?

I can't think of any off-hand.

The main documentation uses jwt, but it looks like even you have moved away from jwt and is using sessions (postgres or redis) to manage the roles.

The original PostGraphQL author added the JWT functionality, I don't use it (and never have). Lots of people seem to like/want JWT though, so we leave the JWT features supported and the tutorial uses it because to use sessions you need to understand Express, sessions, etc; whereas with JWT you can do it with the PostGraphile CLI.

The Full-stack Starter uses one Visitor but with is_admin value for app_public.users, which I assume means it is intended that all queries happen with the Visitor but the query will be verified/filtered in the backend.

We don't currently use the is_admin flag for anything. I might use a PostgreSQL role to represent it, but more likely I'd just use SECURITY DEFINER functions in the database for custom mutations that only the admin can run.

I believe you intend the additional roles to be administered in the async pgSettings(req) function (@app/server/src/middleware/installPostGraphile.ts row 199), is that correct?

Yes, if you need more than one role that'd be where to do it.

get the query, and then issue the role object? I see your comment in row 209 ("Everyone uses the "visitor" role currently").

s/query/request/ -> yes.

Thank you so much for your effort in building/maintaining such an amazing software.

Thanks! If you want to help me continue to make awesome OSS, please consider sponsoring me: https://www.graphile.org/sponsor/ Every contribution helps.

I'm going to close this issue as I think it's sufficiently addressed.

from examples.