
    Authenticate a User with a GraphQL Mutation


    Mutations give you the ability to invoke backend functions from the client. In this lesson, we will use a mutation to authenticate a user with their username and password. Authorized users will receive a token that can be used to identify the current user in future operations.

    To follow along with these queries, go to the Pet Library GraphQL Playground.







    Instructor: Now that we have an account, we can log in. Let's look at our mutations list. We should see that there is a logIn mutation. I'm going to go ahead and write that here in our query document. We'll use logIn with the capital I. We'll use our username, our password.

    What's returned from the logIn mutation is a type called the logIn payload. This is a custom object that returns both the customer, all of the customer details, and the user token. We're going to use the user token to validate that the user is authorized.

    When we send the logIn mutation, we're going to have access to all of the customer details. Grab their name. We're going to grab the token.

    Let's go ahead and hit play. We see our customer name, which is my name that I provided when I created my account. I also see my token. We're going to place this in another panel here at the bottom called HTTP headers.

    Now, this is easy to get mixed up with query variables. We'll make sure that we're in the HTTP header section and we'll add the authorization key. We'll add Bearer. We'll paste in this token.

    Once I provide this token in the HTTP headers, I'm going to be able to send queries that are only for authorized users. Now the query I am going to send here is called "Me". Me is going to give me information about myself, the currently authenticated user.

    The Me query returns customer details for anyone who's logged in. Here I'll query the name field. I'm going to add an operation name, because I have two different operations here in my query document. I'll call query Me, and I'll call the mutation logIn.

    Now, I can send this query and I should see all of the details for myself, because I am a logged in user. Since I'm logged in, I'll be able to check in and check out pets.
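
The flow walked through above (logIn mutation, then the token as a Bearer value in the Authorization header, then the Me query), as an added example that is not code from the lesson. The exact field names, the variable types, the `send` transport and the in-memory `fakeSend` server are assumptions or constructed for illustration.

```javascript
// Added example. Field names and variable types (ID!, String!) are assumptions
// taken from the narration; `send` is a hypothetical transport (a fetch wrapper in real use).
const LOGIN = `mutation logIn($username: ID!, $password: String!) {
  logIn(username: $username, password: $password) { customer { name } token }
}`;
const ME = `query Me { me { name } }`;

// Credentials go in `variables`, never spliced into the query document.
function buildRequest(query, operationName, variables = {}, token = null) {
  const headers = { "Content-Type": "application/json" };
  if (token) {
    if (/\s/.test(token)) throw new Error("malformed token"); // no header injection
    headers.Authorization = `Bearer ${token}`;
  }
  return { headers, body: JSON.stringify({ query, operationName, variables }) };
}

// GraphQL servers usually report failures in `errors`, often with HTTP 200.
function unwrap(response) {
  if (response.errors && response.errors.length) throw new Error(response.errors[0].message);
  return response.data;
}

async function logInAndFetchMe(send, username, password) {
  const { logIn } = unwrap(await send(buildRequest(LOGIN, "logIn", { username, password })));
  const { me } = unwrap(await send(buildRequest(ME, "Me", {}, logIn.token)));
  if (!me) throw new Error("not authenticated");
  return { loggedInAs: logIn.customer.name, me: me.name };
}

// Constructed stand-in for the server so the example runs offline.
const DEMO_TOKEN = "constructed-demo-token";
async function fakeSend({ headers, body }) {
  const { operationName, variables } = JSON.parse(body);
  if (operationName === "logIn") {
    const ok = variables.username === "demo-user" && variables.password === "demo-pass";
    return ok
      ? { data: { logIn: { customer: { name: "Demo User" }, token: DEMO_TOKEN } } }
      : { data: null, errors: [{ message: "invalid credentials" }] };
  }
  const authed = headers.Authorization === `Bearer ${DEMO_TOKEN}`;
  return { data: { me: authed ? { name: "Demo User" } : null } };
}

logInAndFetchMe(fakeSend, "demo-user", "demo-pass").then((r) => console.log(r));
```

Keeping the password in `variables` means the query document itself can be logged or persisted without exposing credentials.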