Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Question] How to deal with header variables like Authorization?

See original GitHub issue

Hi, in graphql I have a cookie with my apollo-token and check for it in my context.

export default async ({ req, connection }) => {
 
  const authToken = req.get("Authorization")
  let user = authToken ? await tradeTokenForUser(authToken) : null

  return {
    user
  }
}

You wrote that we can setup a middleware in express for reading the token: app.use(wildcard(getContext));

This makes sense for me but I am note sure where I have to set my token in the wildcard client to send it with each endpoint query. Can you help here ? Thx!!

Issue Analytics

State:
Created 4 years ago
Comments:15 (11 by maintainers)

Top GitHub Comments

1reaction

brilloutcommented, Jul 20, 2020

Hi @michie1,

Yes exactly, getContext is not meant to be used to manipulate the response.

Auth is usually done outside of Wildcard and is done by the server framework instead. For example:

const express = require("express");
const cookieParser = require("cookie-parser");
const computeJwtToken = require('./path/to/computeJwtToken');

const app = express();
app.use(cookieParser());

app.get("/login", (req, res) => {

  const options = {
    maxAge: 7 * 24 * 60 * 60 * 1000, // Expires after 7 days
    httpOnly: true, // The cookie is only accessible by the web server
  };
  const jwt = computeJwtToken(req);;
  res.cookie("Authorization", jwt, options);

  res.send("login successfull");
});

You can then read the Authorization cookie in Wildcard’s getContext.

I’ve plans to implement a new API setContext which I’ll implement if the demand for it continuous to increase.

In the meantime if misusing getContext to manipulate the response works for you, then go for it. As far as I can see, there shouldn’t be any problem.

Let me know if you have other questions!

1reaction

brilloutcommented, Mar 16, 2020

Let me know if you are stuck btw. Your solution of setting the cookie on the browser side works for you now, correct?

Top Results From Across the Web

Authorization - HTTP - MDN Web Docs - Mozilla

The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a ......

Correct way to build up an Authorization header with Bearer ...

token.... is a variable obtained from an OATH request made prior. I tried: auth_token_string = "Bearer "+token api_headers = {} api_headers[" ...

How to mask HTTP Authorization header in ASM logs, similar ...

In this case you must first store the header value in a variable, remove it from the request, and inject it before the...

HTTP/1.1: Header Field Definitions

The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested....

C# REST: HttpRequest Headers. "Authorization", $"Bearer ...

All: I'm new to REST and need to pass in an AppId and Token. I've tried several different approaches similar to:.