Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Question] How to deal with header variables like Authorization?

See original GitHub issue

Hi, in graphql I have a cookie with my apollo-token and check for it in my context.

export default async ({ req, connection }) => {
  const authToken = req.get("Authorization")
  let user = authToken ? await tradeTokenForUser(authToken) : null

  return {

You wrote that we can setup a middleware in express for reading the token: app.use(wildcard(getContext));

This makes sense for me but I am note sure where I have to set my token in the wildcard client to send it with each endpoint query. Can you help here ? Thx!!

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:15 (11 by maintainers)

github_iconTop GitHub Comments

brilloutcommented, Jul 20, 2020

Hi @michie1,

Yes exactly, getContext is not meant to be used to manipulate the response.

Auth is usually done outside of Wildcard and is done by the server framework instead. For example:

const express = require("express");
const cookieParser = require("cookie-parser");
const computeJwtToken = require('./path/to/computeJwtToken');

const app = express();

app.get("/login", (req, res) => {

  const options = {
    maxAge: 7 * 24 * 60 * 60 * 1000, // Expires after 7 days
    httpOnly: true, // The cookie is only accessible by the web server
  const jwt = computeJwtToken(req);;
  res.cookie("Authorization", jwt, options);

  res.send("login successfull");

You can then read the Authorization cookie in Wildcard’s getContext.

I’ve plans to implement a new API setContext which I’ll implement if the demand for it continuous to increase.

In the meantime if misusing getContext to manipulate the response works for you, then go for it. As far as I can see, there shouldn’t be any problem.

Let me know if you have other questions!

brilloutcommented, Mar 16, 2020

Let me know if you are stuck btw. Your solution of setting the cookie on the browser side works for you now, correct?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Authorization - HTTP - MDN Web Docs - Mozilla
The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a ......
Read more >
Correct way to build up an Authorization header with Bearer ...
token.... is a variable obtained from an OATH request made prior. I tried: auth_token_string = "Bearer "+token api_headers = {} api_headers[" ...
Read more >
How to mask HTTP Authorization header in ASM logs, similar ...
In this case you must first store the header value in a variable, remove it from the request, and inject it before the...
Read more >
HTTP/1.1: Header Field Definitions
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested....
Read more >
C# REST: HttpRequest Headers. "Authorization", $"Bearer ...
All: I'm new to REST and need to pass in an AppId and Token. I've tried several different approaches similar to:.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found