Picture yourself walking down a dark alley. You are on your way to join the “Secret Club for Super Cool People” (if you’re reading this, you are a well-deserving member). As you enter the hidden door to the club, you are greeted by a receptionist who hands you a form to complete. On the form, you must enter your name and a password, which will be known only to you and the receptionist.
Once you have completed the form, you hand it back to the receptionist, who goes to the back room of the club. In the back room, the receptionist uses a secret key to encode your password and then stores your encrypted password in a locked file vault. They then stamp a coin, on which is pressed your unique membership ID. Upon returning to the front room, the receptionist hands you the coin, which you tuck away in your pocket. Now each time you return to the club, you need only show your coin to gain entrance.
The interaction I describe above may sound like something out of a low-budget spy movie, but it is nearly identical to the process that is followed each time we sign up for a web application. In this chapter, we’ll learn how to write GraphQL mutations that will allow a user to create an account and sign in to our application. We’ll also learn how to encrypt the user’s password and return a token to the user, which they can use to verify their identity when they interact with our application.
Before we get started, let’s step ...