graphql_devise 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2b4803d3f6df2467fd64e37ae4e91e9be33f422600b9fc0a920827313c24c843
-  data.tar.gz: 152da5a17af638e55375f0e5af21246b26e49c107300d556dca7ba8992456666
+  metadata.gz: 6929ccf18a8a9f8e7cd9b3f4f5e8388cf2b6d19617ed163f8b1c769820c14e57
+  data.tar.gz: fb23c4d077deb50757905b0d28ed92764e8442b696273035d8a925c917e69fb4
 SHA512:
-  metadata.gz: 33831323626b88ecdcf4805fdc1b097bd66f18af3bebf5319d16dc27a8122672d0666d0d96c638fa4e30f85f1bc24503f2481287eed594bcfa307bce9693eb69
-  data.tar.gz: 50d5b6f84ac02367304dc81ad0609b3c5e013eb5c7eff41d5ac3feb4fa415c205810b27872e856a9b672ed621a66f361b2d61106246bf968134d08eee8524dc1
+  metadata.gz: 7f76369100a4ad9f5e1814a759e5a358dd9a38548a105ee685baf38cd5b5a42f18c58f28f320fe2d607e1061c2cc12ed64bd82085b616179004e93720b4e3baa
+  data.tar.gz: cce3f1d55751b40d6089e3a0f0b77563dbecf0298004eec3a9d40df2890ebf80b28fc8e8c95aeefb46878e7c71296c1444bff8145885f1aec014ba030253b1da

data/.gitignore

@@ -7,13 +7,16 @@
 /spec/reports/
 /tmp/
 
+README.md.*
+
 # rspec failure tracking
 .rspec_status
 /spec/dummy/log/
 /spec/dummy/tmp/
 /Gemfile.lock
 *.gemfile.lock
-/*.sqlite3
+*.sqlite3
+*.sqlite3-journal
 /spec/dummy/db/development.sqlite3
 /spec/dummy/db/test.sqlite3
 /*.gem

data/.rspec

@@ -1,2 +1,3 @@
 --format documentation
 --color
+--order random

data/.travis.yml

@@ -5,12 +5,15 @@ cache: bundler
 before_install: gem install bundler -v 1.17
 before_script: RAILS_ENV=test bundle exec rake db:create db:schema:load
 
+env: EAGER_LOAD=true
+
 rvm:
   - 2.2.10
   - 2.3.8
-  - 2.4.9
-  - 2.5.7
-  - 2.6.5
+  - 2.4.10
+  - 2.5.8
+  - 2.6.6
+  - 2.7.1
 
 gemfile:
   - gemfiles/rails4.2_graphql1.8.gemfile
@@ -25,30 +28,45 @@ gemfile:
 jobs:
   include:
     - gemfile: gemfiles/rails6.0_graphql1.8.gemfile
-      rvm: 2.5.7
+      rvm: 2.5.8
+    - gemfile: gemfiles/rails6.0_graphql1.8.gemfile
+      rvm: 2.6.6
     - gemfile: gemfiles/rails6.0_graphql1.8.gemfile
-      rvm: 2.6.5
+      rvm: 2.7.1
     - gemfile: gemfiles/rails6.0_graphql1.9.gemfile
-      rvm: 2.5.7
+      rvm: 2.5.8
     - gemfile: gemfiles/rails6.0_graphql1.9.gemfile
-      rvm: 2.6.5
+      rvm: 2.6.6
+    - gemfile: gemfiles/rails6.0_graphql1.9.gemfile
+      rvm: 2.7.1
+    - gemfile: gemfiles/rails6.0_graphql1.10.gemfile
+      rvm: 2.5.8
     - gemfile: gemfiles/rails6.0_graphql1.10.gemfile
-      rvm: 2.5.7
+      rvm: 2.6.6
     - gemfile: gemfiles/rails6.0_graphql1.10.gemfile
-      rvm: 2.6.5
+      rvm: 2.7.1
     - gemfile: gemfiles/rails6.0_graphql_edge.gemfile
-      rvm: 2.5.7
-      env: SKIP_COVERALLS=true
+      rvm: 2.6.6
+      env:
+        - SKIP_COVERALLS=true
+        - EAGER_LOAD=true
     - gemfile: gemfiles/rails6.0_graphql_edge.gemfile
-      rvm: 2.6.5
-      env: SKIP_COVERALLS=true
+      rvm: 2.7.1
+      env:
+        - SKIP_COVERALLS=true
+        - EAGER_LOAD=true
     - gemfile: gemfiles/rails_edge_graphql_edge.gemfile
-      rvm: 2.6.5
-      env: SKIP_COVERALLS=true
+      rvm: 2.7.1
+      env:
+        - SKIP_COVERALLS=true
+        - EAGER_LOAD=true
+  exclude:
+    - gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+      rvm: 2.7.1
   allow_failures:
-    - rvm: 2.5.7
+    - rvm: 2.6.6
       gemfile: gemfiles/rails6.0_graphql_edge.gemfile
-    - rvm: 2.6.5
+    - rvm: 2.7.1
       gemfile: gemfiles/rails6.0_graphql_edge.gemfile
-    - rvm: 2.6.5
+    - rvm: 2.7.1
       gemfile: gemfiles/rails_edge_graphql_edge.gemfile

data/CHANGELOG.md

@@ -1,5 +1,61 @@
 # Changelog
 
+## [v0.12.0](https://github.com/graphql-devise/graphql_devise/tree/v0.12.0) (2020-06-11)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.11.4...v0.12.0)
+
+**Implemented enhancements:**
+
+- Mount auth operations in main GQL schema [\#96](https://github.com/graphql-devise/graphql_devise/pull/96) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.11.4](https://github.com/graphql-devise/graphql_devise/tree/v0.11.4) (2020-05-23)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.11.3...v0.11.4)
+
+**Implemented enhancements:**
+
+- Do nothing if forgery protection enabled in ApplicationController [\#93](https://github.com/graphql-devise/graphql_devise/pull/93) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.11.3](https://github.com/graphql-devise/graphql_devise/tree/v0.11.3) (2020-05-23)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.11.2...v0.11.3)
+
+**Implemented enhancements:**
+
+- Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
+- Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
+- Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.11.2](https://github.com/graphql-devise/graphql_devise/tree/v0.11.2) (2020-05-07)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.11.1...v0.11.2)
+
+**Fixed bugs:**
+
+- Avoid multiple schema and type load \(Devise behavior\) [\#88](https://github.com/graphql-devise/graphql_devise/pull/88) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.11.1](https://github.com/graphql-devise/graphql_devise/tree/v0.11.1) (2020-05-05)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.11.0...v0.11.1)
+
+**Implemented enhancements:**
+
+- Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Fixed bugs:**
+
+- Add query and mutation type only once after app routes [\#87](https://github.com/graphql-devise/graphql_devise/pull/87) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Closed issues:**
+
+- Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
+- Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
+- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
+
+**Merged pull requests:**
+
+- Improve readme file [\#84](https://github.com/graphql-devise/graphql_devise/pull/84) ([mcelicalderon](https://github.com/mcelicalderon))
+
 ## [v0.11.0](https://github.com/graphql-devise/graphql_devise/tree/v0.11.0) (2020-04-11)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.10.1...v0.11.0)

data/README.md

@@ -5,6 +5,55 @@
 
 GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
 
+## Table of Contents
+
+<!--ts-->
+   * [GraphqlDevise](#graphqldevise)
+      * [Table of Contents](#table-of-contents)
+      * [Introduction](#introduction)
+      * [Installation](#installation)
+         * [Running the Generator](#running-the-generator)
+            * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
+            * [Mounting Operations in Your Own Schema](#mounting-operations-in-your-own-schema)
+         * [Important](#important)
+      * [Usage](#usage)
+         * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
+         * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
+         * [Available Mount Options](#available-mount-options)
+         * [Available Operations](#available-operations)
+         * [Configuring Model](#configuring-model)
+         * [Customizing Email Templates](#customizing-email-templates)
+         * [I18n](#i18n)
+         * [Authenticating Controller Actions](#authenticating-controller-actions)
+            * [Authenticate Before Reaching Your GQL Schema](#authenticate-before-reaching-your-gql-schema)
+            * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
+         * [Making Requests](#making-requests)
+            * [Mutations](#mutations)
+            * [Queries](#queries)
+         * [More Configuration Options](#more-configuration-options)
+            * [Devise Token Auth Initializer](#devise-token-auth-initializer)
+            * [Devise Initializer](#devise-initializer)
+         * [GraphQL Interpreter](#graphql-interpreter)
+         * [Using Alongside Standard Devise](#using-alongside-standard-devise)
+      * [Future Work](#future-work)
+      * [Contributing](#contributing)
+      * [License](#license)
+
+<!-- Added by: mcelicalderon, at: Wed Jun 10 22:10:26 -05 2020 -->
+
+<!--te-->
+
+## Introduction
+This gem heavily relies on two gems, [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA)
+and [Devise](https://github.com/heartcombo/devise) which is a dependency of DTA.
+It provides a GraphQL interface on top of DTA which is designed to work with REST APIs. That's why
+things like token management, token expiration and everything up until using the actual GraphQL schema is
+still controlled by DTA. For that reason you will find that our generator runs these two gems generator and two
+initializer files are included. We'll provide more configuration details in the
+[configuration section](#more-configuration-options),
+but **we recommend you get familiar with [DTA and their docs](https://github.com/lynndylanhurley/devise_token_auth)
+in order to use this gem to its full potential**.
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -14,17 +63,11 @@ gem 'graphql_devise'
 ```
 
 And then execute:
+```bash
+$ bundle
+```
 
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install graphql_devise
-
-Next, you need to run the generator:
-
-    $ rails generate graphql_devise:install
-
+### Running the Generator
 Graphql Devise generator will execute `Devise` and `Devise Token Auth`
 generators for you. These will make the required changes for the gems to
 work correctly. All configurations for [Devise](https://github.com/plataformatec/devise) and
@@ -32,11 +75,16 @@ work correctly. All configurations for [Devise](https://github.com/plataformatec
 so you can read the docs there to customize your options.
 Configurations are done via initializer files as usual, one per gem.
 
+#### Mounting the Schema in a Separate Route
+```bash
+$ bundle exec rails generate graphql_devise:install
+```
+
 The generator accepts 2 params: `user_class` and `mount_path`. The params
 will be used to mount the route in `config/routes.rb`. For instance the executing:
 
 ```bash
-$ rails g graphql_devise:install Admin api/auth
+$ bundle exec rails g graphql_devise:install Admin api/auth
 ```
 
 Will do the following:
@@ -51,9 +99,33 @@ Will do the following:
 `Admin` could be any model name you are going to be using for authentication,
 and `api/auth` could be any mount path you would like to use for auth.
 
-### Mounting Routes manually
-Routes can be added using the initializer or manually.
-You can add a route like this:
+#### Mounting Operations in Your Own Schema
+Now you can provide to the generator an option specifying
+the name of your GQL schema. Doing this will skip the insertion of the mount method in the
+routes file and will also add our `SchemaPlugin` to the specified schema. `user_class` param is still optional (`Admin`) in the following example.
+
+```bash
+$ bundle exec rails g graphql_devise:install Admin --mount MySchema
+```
+
+### Important
+Remember that by default this gem mounts a completely separate GraphQL schema on a separate controller in the route
+provided by the `at` option in the `mount_graphql_devise_for` method in the `config/routes.rb` file. If no `at`
+option is provided, the route will be `/graphql_auth`.
+
+**Starting with `v0.12.0`** you can opt-in to load this gem's queries and mutations into your
+own application's schema. You can actually mount a resource's auth schema in a separate route
+and in your app's schema at the same time, but that's probably not a common scenario. More on
+this in the next section.
+
+## Usage
+### Mounting Auth Schema on a Separate Route
+The generator can do this step for you by default. Remember now you can mount this gem's
+auth operations into your own schema as described in [this section](#mounting-operations-into-your-own-schema).
+
+
+Routes can be added using the generator or manually.
+You can mount this gem's GraphQL auth schema in your routes file like this:
 
 ```ruby
 # config/routes.rb
@@ -78,11 +150,83 @@ Rails.application.routes.draw do
   )
 end
 ```
+The second argument of the `mount_graphql_devise` method is a hash of options where you can
+customize how the queries and mutations are mounted into the schema. For a list of available
+options go [here](#available-mount-options)
+
+### Mounting Operations Into Your Own Schema
+Starting with `v0.12.0` you can now mount the GQL operations provided by this gem into your
+app's main schema.
+
+```ruby
+# app/graphql/dummy_schema.rb
+
+class DummySchema < GraphQL::Schema
+  # It's important that this line goes before setting the query and mutation type on your
+  # schema in graphql versions < 1.10.0
+  use GraphqlDevise::SchemaPlugin.new(
+    query:            Types::QueryType,
+    mutation:         Types::MutationType,
+    resource_loaders: [
+      GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account])
+    ]
+  )
+
+  mutation(Types::MutationType)
+  query(Types::QueryType)
+end
+```
+The example above describes just one of the possible scenarios you might need.
+The second argument of the `GraphqlDevise::ResourceLoader` initializer is a hash of
+options where you can customize how the queries and mutations are mounted into the schema.
+For a list of available options go [here](#available-mount-options).
+
+It's important to use the plugin in your schema before assigning the mutation and query type to
+it in graphql versions `< 1.10.0`. Otherwise the auth operations won't be available.
+
+You can provide as many resource loaders as you need to the `resource_loaders` option, and each
+of those will be loaded into your schema. These are the options you can initialize the
+`SchemaPlugin` with:
+
+1. `query`: This param is mandatory unless you skip all queries via the resource loader
+options. This should be the same `QueryType` you provide to the `query` method
+in your schema.
+1. `mutation`: This param mandatory unless you skip all mutations via the resource loader
+options. This should be the same `MutationType` you provide to the `mutation` method
+in your schema.
+1. `resource_loaders`: This is an optional array of `GraphqlDevise::ResourceLoader` instances.
+Here is where you specify the operations that you want to load into your app's schema.
+If no loader is provided, no operations will be added to your schema, but you will still be
+able to authenticate queries and mutations selectively. More on this in the controller
+authentication [section](#authenticating-controller-actions).
+1. `authenticate_default`: This is a boolean value which is `true` by default. This value
+defines what is the default behavior for authentication in your schema fields. `true` means
+every root level field requires authentication unless specified otherwise using the
+`authenticate: false` option on the field. `false` means your root level fields won't require
+authentication unless specified otherwise using the `authenticate: true` option on the field.
+1. `unauthenticated_proc`: This param is optional. Here you can provide a proc that receives
+one argument (field name) and is called whenever a field that requires authentication
+is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
+raised if authentication fails. This will provide a GQL like error message on the response.
+
+### Available Mount Options
+Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
+take the same options. So, wether you decide to mount this gem in a separate route
+from your main application's schema or you use our `GraphqlDevise::SchemaPlugin` to load
+this gem's auth operation into your schema, these are the options you can provide as a hash.
+
+```ruby
+# Using the mount method in your config/routes.rb file
+mount_graphql_devise_for('User', {})
 
-Here are the options for the mount method:
+# Providing options to a GraphqlDevise::ResourceLoader
+GraphqlDevise::ResourceLoader.new('User', {})
+```
 
-1. `at`: Route where the GraphQL schema will be mounted on the Rails server. In this example your API will have these two routes: `POST /api/v1/graphql_auth` and `GET /api/v1/graphql_auth`.
-If this option is not specified, the schema will be mounted at `/graphql_auth`.
+1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
+In [this example](#mounting-auth-schema-on-a-separate-route) your API will have
+these two routes: `POST /api/v1/graphql_auth` and `GET /api/v1/graphql_auth`.
+If this option is not specified, the schema will be mounted at `/graphql_auth`. **This option only works if you are using the mount method.**
 1. `operations`: Specifying this is optional. Here you can override default
 behavior by specifying your own mutations and queries for every GraphQL operation.
 Check available operations in this file [mutations](https://github.com/graphql-devise/graphql_devise/blob/b5985036e01ea064e43e457b4f0c8516f172471c/lib/graphql_devise/rails/routes.rb#L19)
@@ -121,7 +265,7 @@ or [base resolver](https://github.com/graphql-devise/graphql_devise/blob/master/
 respectively, to take advantage of some of the methods provided by devise
 just like with `devise_scope`
 
-#### Available Operations
+### Available Operations
 The following is a list of the symbols you can provide to the `operations`, `skip` and `only` options of the mount method:
 ```ruby
 :login
@@ -133,7 +277,6 @@ The following is a list of the symbols you can provide to the `operations`, `ski
 :check_password_token
 ```
 
-
 ### Configuring Model
 Just like with Devise and DTA, you need to include a module in your authenticatable model,
 so with our example, your user model will have to look like this:
@@ -151,16 +294,12 @@ class User < ApplicationRecord
          :confirmable
 
   # including after calling the `devise` method is important.
-  # include DeviseTokenAuth::Concerns::User # is also valid (generator includes this one).
   include GraphqlDevise::Concerns::Model
 end
 ```
 
 The install generator can do this for you if you specify the `user_class` option.
-See [Installation](#Installation) for details.
-The generator will include a different module in your model, `DeviseTokenAuth::Concerns::User` which is also correct,
-we just made an alias on our namespace for consistency and possible extension.
-Generators have to be updated to generate our module.
+See [Installation](#installation) for details.
 
 ### Customizing Email Templates
 The approach of this gem is a bit different from DeviseTokenAuth. We have placed our templates in `app/views/graphql_devise/mailer`,
@@ -178,13 +317,15 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
 
 ### Authenticating Controller Actions
 Just like with Devise or DTA, you will need to authenticate users in your controllers.
+For this you have two alternatives.
+
+#### Authenticate Before Reaching Your GQL Schema
 For this you need to call `authenticate_<model>!` in a before_action hook of your controller.
 In our example our model is `User`, so it would look like this:
 ```ruby
 # app/controllers/my_controller.rb
 
 class MyController < ApplicationController
-  # include DeviseTokenAuth::Concerns::SetUserByToken # is also valid (generator includes this one).
   include GraphqlDevise::Concerns::SetUserByToken
 
   before_action :authenticate_user!
@@ -197,9 +338,62 @@ end
 
 The install generator can do this for you because it executes DTA installer.
 See [Installation](#Installation) for details.
-The generator will include a different module in your model, `DeviseTokenAuth::Concerns::SetUserByToken` which is also correct,
-we just made an alias on our namespace for consistency and possible extension.
-Generators have to be updated to generate our module.
+If authentication fails for the request for whatever reason, execution of the request is halted
+and an error is returned in a REST format as the request never reaches your GQL schema.
+
+#### Authenticate in Your GQL Schema
+For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
+[here](#mounting-operations-into-your-own-schema) and also set the authenticated resource
+in a `before_action` hook.
+
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  before_action -> { set_resource_by_token(:user) }
+
+  def my_action
+    render json: DummySchema.execute(params[:query], context: graphql_context)
+  end
+end
+
+# @resource.to_s.underscore.tr('/', '_').to_sym
+```
+The `set_resource_by_token` method receives a symbol identifying the resource you are trying
+to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
+this snippet to find the symbol for more complex scenarios
+`resource_klass.to_s.underscore.tr('/', '_').to_sym`.
+
+The `graphql_context` method is simply a helper method that returns a hash like this
+```ruby
+{ current_resource: @resource, controller: self }
+```
+These are the two values the gem needs to check if a user is authenticated and to perform
+other auth operations. All `set_resource_by_token` does is set the `@resource` variable if
+the provided authentication headers are valid. If authentication fails, resource will be `nil`
+and this is how `GraphqlDevise::SchemaPlugin` knows if a user is authenticated or not in
+each query.
+
+Please note that by using this mechanism your GQL schema will be in control of what queries are
+restricted to authenticated users and you can only do this at the root level fields of your GQL
+schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
+so this can work.
+
+In you main app's schema this is how you might specify if a field needs to be authenticated or not:
+```ruby
+module Types
+  class QueryType < Types::BaseObject
+    # user field used the default set in the Plugin's initializer
+    field :user, resolver: Resolvers::UserShow
+    # this field will never require authentication
+    field :public_field, String, null: false, authenticate: false
+    # this field requires authentication
+    field :private_field, String, null: false, authenticate: true
+  end
+end
+```
 
 ### Making Requests
 Here is a list of the available mutations and queries assuming your mounted model is `User`.
@@ -214,10 +408,12 @@ Here is a list of the available mutations and queries assuming your mounted mode
 1. `userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload`
 
    The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`.
+1. `userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload`
 1. `userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload`
 
-    The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) or the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true.
-1. `userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload`
+    The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to
+    false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource`
+    model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link).
 1. `userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload`
 
     The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them
@@ -232,21 +428,64 @@ requests using the `GET` method on the Rails side, but looks like there might be
 on the [Apollo Client](https://www.apollographql.com/docs/apollo-server/v1/requests/#get-requests).
 
 We will continue to build better docs for the gem after this first release, but in the mean time
-you can use [our specs](https://github.com/graphql-devise/graphql_devise/tree/b5985036e01ea064e43e457b4f0c8516f172471c/spec/requests) to better understand how to use the gem.
-Also, the [dummy app](https://github.com/graphql-devise/graphql_devise/tree/b5985036e01ea064e43e457b4f0c8516f172471c/spec/dummy) used in our specs will give you
+you can use [our specs](spec/requests) to better understand how to use the gem.
+Also, the [dummy app](spec/dummy) used in our specs will give you
 a clear idea on how to configure the gem on your Rails application.
 
+### More Configuration Options
+As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
+this values on the initializer files generated by the installer.
+
+#### Devise Token Auth Initializer
+The generated initializer file `config/initializers/devise_token_auth.rb` has all the available options documented
+as comments. You can also use
+**[DTA's docs](https://devise-token-auth.gitbook.io/devise-token-auth/config/initialization)** as a reference.
+In this section the most important configurations will be highlighted.
+
+- **change_headers_on_each_request:** This configurations defaults to `false`. This will allow you to store the
+  credentials for as long as the token life_span permits. And you can send the same credentials in each request.
+  Setting this to `true` means that tokens will change on each request you make, and the new values will be returned
+  in the headers. So your client needs to handle this.
+- **batch_request_buffer_throttle:** When change_headers_on_each_request is set to true, you might still want your
+  credentials to be valid more than once as you might send parallel request. The duration you set here will
+  determine how long the same credentials work after the first request is received.
+- **token_lifespan:** This configuration takes a duration and you can set it to a value like
+  `1.month`, `2.weeks`, `1.hour`, etc.
+
+**Note:** Remember this gem adds a layer on top of DTA, so some configurations might not apply.
+
+#### Devise Initializer
+The generated initializer file `config/initializers/devise_token_auth.rb` has all the available options documented
+as comments. You can also use
+**[Devise's docs](https://github.com/heartcombo/devise)** as a reference.
+In this section the most important configurations will be highlighted.
+
+- **password_length:** You can change this value to validate password length on sign up and password update
+  (must enable the validatable module).
+- **mailer_sender:** Set it to a string with the sender's email address like `'support@example.com'`.
+- **case_insensitive_keys:** Setting a value like `[:email]` will make email field case insensitive on login, sign up, etc.
+- **email_regexp:** You can customize the regex that will validate the format of email addresses (must enable the validatable module).
+
+**Note:** Remember this gem adds a layer on top of Devise, so some configurations might not apply.
+
+### GraphQL Interpreter
+GraphQL-Ruby `>= 1.9.0` includes a new runtime module which you may use for your schema.
+Eventually, it will become the default. You can read more about it
+[here](https://graphql-ruby.org/queries/interpreter).
+
+This gem supports schemas using the interpreter and it is recommended as it introduces several
+improvements which focus mainly on performance.
+
 ### Using Alongside Standard Devise
 The DeviseTokenAuth gem allows experimental use of the standard Devise gem to be configured at the same time, for more
 information you can check [this answer here](https://github.com/lynndylanhurley/devise_token_auth/blob/2a32f18ccce15638a74e72f6cfde5cf15a808d3f/docs/faq.md#can-i-use-this-gem-alongside-standard-devise).
 
-This gem supports the same and should be easier to handle email templates due to the fact we don't override standard Devise
-templates.
+This gem supports the same and should be easier to handle email templates due to the fact we don't override
+standard Devise templates.
 
 ## Future Work
 We will continue to improve the gem and add better docs.
 
-1. Add mount option that will create a separate schema for the mounted resource.
 1. Make sure this gem can correctly work alongside DTA and the original Devise gem.
 1. Improve DOCS.
 1. Add support for unlockable and other Devise modules.