[Question] How to deal with header variables like Authorization?
See original GitHub issueHi, in graphql I have a cookie with my apollo-token and check for it in my context.
export default async ({ req, connection }) => {
const authToken = req.get("Authorization")
let user = authToken ? await tradeTokenForUser(authToken) : null
return {
user
}
}
You wrote that we can setup a middleware in express for reading the token: app.use(wildcard(getContext));
This makes sense for me but I am note sure where I have to set my token in the wildcard client to send it with each endpoint query. Can you help here ? Thx!!
Issue Analytics
- State:
- Created 4 years ago
- Comments:15 (11 by maintainers)
Top Results From Across the Web
Authorization - HTTP - MDN Web Docs - Mozilla
The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a ......
Read more >Correct way to build up an Authorization header with Bearer ...
token.... is a variable obtained from an OATH request made prior. I tried: auth_token_string = "Bearer "+token api_headers = {} api_headers[" ...
Read more >How to mask HTTP Authorization header in ASM logs, similar ...
In this case you must first store the header value in a variable, remove it from the request, and inject it before the...
Read more >HTTP/1.1: Header Field Definitions
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested....
Read more >C# REST: HttpRequest Headers. "Authorization", $"Bearer ...
All: I'm new to REST and need to pass in an AppId and Token. I've tried several different approaches similar to:.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Hi @michie1,
Yes exactly,
getContext
is not meant to be used to manipulate the response.Auth is usually done outside of Wildcard and is done by the server framework instead. For example:
You can then read the
Authorization
cookie in Wildcard’sgetContext
.I’ve plans to implement a new API
setContext
which I’ll implement if the demand for it continuous to increase.In the meantime if misusing
getContext
to manipulate the response works for you, then go for it. As far as I can see, there shouldn’t be any problem.Let me know if you have other questions!
Let me know if you are stuck btw. Your solution of setting the cookie on the browser side works for you now, correct?