How to send cookies to clients while login, through GraphQL?


Here, I am using GraphQL to send cookies to clients. When a client sends its credentials to the server, a dedicated resolver handles the request.

async userAuthenticationCheck(parent, args, { res }) {
    // ---
    // methods to send the cookie
    // ---
}

A resolver receives four arguments (parent, args, context, info). Here we destructure res from the context argument, which must carry the Express response object, and use it to send the cookie.

That resolver checks:

  • Authentication: check whether the user exists. If so, take the hashed password from the database result of the user query and compare it with the supplied password using bcrypt.
// getting user info after querying for the particular user
const usersblog = await UsersModel.query().where('username', args.username);

// no matching user: report failure instead of reading usersblog[0]
if (!usersblog[0]) {
    return { "user_id": null, "username": args.username, "authorized": false, "token": null };
}

// password in usersblog
const userAuthPass = usersblog[0].password;

// Comparison for the password, bcrypt returns true if it matches and false if not
let resultBcrypt = await bcrypt.compare(args.password, userAuthPass);
  • JWT: generate a JWT that stores the user's ID (user_id from the database record).
const jwtAccessToken = jwtToken(usersblog[0].user_id);
  • Send cookie: before sending the cookie to the client, check through the variable resultBcrypt whether the password comparison passed. The cookie is set with the res.cookie method.
if (resultBcrypt) {
    res.cookie("aces_token", jwtAccessToken, {maxAge: 1000 * 60 * 60 * 24, httpOnly: true});
    return {
        "user_id": usersblog[0].user_id,
        "username": usersblog[0].username,
        "authorized": true,
        "token": jwtAccessToken
    };
}
else {
    return {
        "user_id": usersblog[0].user_id,
        "username": usersblog[0].username,
        "authorized": false,
        "token": null
    };
}

Now you can send the cookie from a GraphQL resolver 🙌.

TL;DR

  • We send the cookie from the resolver, using the context parameter, which is given the Express response object.
  • Next, we check the credentials provided by the client.
  • After checking the credentials, we generate a JWT that stores the user ID.
  • We send the cookie to the client through the response if the comparison returns true.
async userAuthenticationCheck(parent, args, { res }) {
    // getting user info after querying for the particular user
    const usersblog = await UsersModel.query().where('username', args.username);

    // no matching user: report failure instead of reading usersblog[0]
    if (!usersblog[0]) {
        return { "user_id": null, "username": args.username, "authorized": false, "token": null };
    }

    // password in usersblog
    const userAuthPass = usersblog[0].password;

    // Comparison for the password, bcrypt returns true if it matches and false if not
    let resultBcrypt = await bcrypt.compare(args.password, userAuthPass);

    const jwtAccessToken = jwtToken(usersblog[0].user_id);

    if (resultBcrypt) {
        res.cookie("aces_token", jwtAccessToken, {maxAge: 1000 * 60 * 60 * 24, httpOnly: true});
        return {
            "user_id": usersblog[0].user_id,
            "username": usersblog[0].username,
            "authorized": true,
            "token": jwtAccessToken
        };
    }
    else {
        return {
            "user_id": usersblog[0].user_id,
            "username": usersblog[0].username,
            "authorized": false,
            "token": null
        };
    }
}
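
A hardened variant of the resolver above, as an added example rather than the author's code. It assumes the context also carries a hypothetical deps object (findUser, compare, signToken and dummyHash, standing in for UsersModel.query(), bcrypt.compare() and jwtToken()); it gives the same answer for an unknown user and a wrong password, sets secure and sameSite on the cookie, and keeps the token out of the response body.

```javascript
// Added example, not the post's code. deps.findUser, deps.compare and
// deps.signToken are hypothetical stand-ins for UsersModel.query(),
// bcrypt.compare() and jwtToken().
const COOKIE_OPTS = Object.freeze({
  maxAge: 1000 * 60 * 60 * 24, // 24 h, same lifetime as in the post
  httpOnly: true,              // not readable from page JavaScript
  secure: true,                // only sent over HTTPS
  sameSite: 'lax',             // not attached to cross-site POST requests
  path: '/',
});

const denied = () => ({ user_id: null, username: null, authorized: false, token: null });

async function userAuthenticationCheck(parent, args, { res, deps }) {
  const user = await deps.findUser(args.username);
  // Run the comparison even for an unknown user so both failures cost similar time.
  const ok = await deps.compare(args.password, user ? user.password : deps.dummyHash);
  // Same answer for "no such user" and "wrong password": nothing to enumerate.
  if (!user || !ok) return denied();

  // Mint the token only after the password check has passed.
  res.cookie('aces_token', deps.signToken(user.user_id), COOKIE_OPTS);
  // The body carries no token: an httpOnly cookie is pointless if scripts get a copy.
  return { user_id: user.user_id, username: user.username, authorized: true, token: null };
}

// Constructed test double recording what Express's res.cookie() receives.
function recordingRes() {
  const cookies = [];
  return { cookies, cookie(name, value, options) { cookies.push({ name, value, options }); return this; } };
}

// Constructed sample data; the "hash" is a plain string for illustration only.
function sampleDeps() {
  const users = [{ user_id: 7, username: 'alice', password: 'hash(s3cret)' }];
  return {
    dummyHash: 'hash(unused)',
    findUser: async (name) => users.find((u) => u.username === name),
    compare: async (password, hash) => hash === `hash(${password})`,
    signToken: (id) => `signed.${id}`,
  };
}

async function demo(username, password) {
  const res = recordingRes();
  const body = await userAuthenticationCheck(null, { username, password }, { res, deps: sampleDeps() });
  return { body, cookies: res.cookies };
}
```

In a real server deps.compare would be bcrypt.compare and deps.dummyHash a valid bcrypt hash of a random value, so the comparison does real work for unknown users.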