Here's an example of how things could work.
Worst case, we don't get back any 'id' when user authenticates via GitHub. So we only have the 'login' name to work with. Note: all queries below are done with my non-privileged account credentials. (Actually, the queries can be made unauthenticated, but the API rate limits are lower.)
At initial authentication time:
- Query for details of login. The GraphQL query is:
query user_info($login: String!) {
user(login:$login) {
login # not needed, just echos the input value
id # the v4 'id', called 'node_id' in v3 REST responses
databaseId # the v3 'id', called 'id' in v3 REST responses
}
}
With variables of: { "login": "moz-hwine"}
That returns the response:
{
"data": {
"user": {
"login": "moz-hwine",
"id": "MDQ6VXNlcjg5NjQzNzM=",
"databaseId": 8964373
}
}
}And we would store the v4 "id" value in the database
Later, when we want to validate that the user is still authorized, we can make the query:
query id_lookup($id_to_check: ID!) {
node(id: $id_to_check) {
... on User {
login # the field we may need for further API actions
id # just an echo of input
databaseId # the v3 id
}
}
}
With variables of: { "id_to_check": "MDQ6VXNlcjg5NjQzNzM=" } # 'id' from database
Will return a response of:
{
"data": {
"node": {
"login": "moz-hwine",
"id": "MDQ6VXNlcjg5NjQzNzM=",
"databaseId": 8964373
}
}
}So we have everything we need. Fwiw, here's how to decode the new v4 id's (don't use, just informational when debugging):
$ echo "MDQ6VXNlcjg5NjQzNzM=" | openssl enc -base64 -d ; echo
04:User8964373Where '04' is the number of characters prefixing the v3 'id'