Authentication and Authorization for subscriptions


First of all, thanks for this amazing library. Thanks a lot. The docs for authorization in the Apollo docs suck.

I have a doubt: is it possible to authorize subscriptions using graphql-shield? Mutations are also possible, right?


styk-tv commented, Feb 4, 2019

@maticzav, can we please keep this open? Subscriptions are fundamental to GraphQL. Having this library admit access on the subscription level is of paramount importance to a quite large audience from the Apollo/Yoga crowds.

The isAuthenticate rule is being hit during subscription access evaluation. However, there is no way to whitelist the specific [screenshot]

[screenshots]
Error: Not Authorised!
    at normalizeOptions (/Users/polfilm/git_madstat/api-apollo/app/node_modules/graphql-shield/src/shield.ts:25:32)
    at shield (/Users/polfilm/git_madstat/api-apollo/app/node_modules/graphql-shield/src/shield.ts:43:29)
    at Object.<anonymous> (/Users/polfilm/git_madstat/api-apollo/app/src/permissions.js:25:35)
    at Module._compile (internal/modules/cjs/loader.js:688:30)
    at Module._compile (/Users/polfilm/git_madstat/api-apollo/app/node_modules/pirates/lib/index.js:83:24)
    at Module._extensions..js (internal/modules/cjs/loader.js:699:10)
    at Object.newLoader [as .js] (/Users/polfilm/git_madstat/api-apollo/app/node_modules/pirates/lib/index.js:88:7)
    at Module.load (internal/modules/cjs/loader.js:598:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:537:12)
    at Function.Module._load (internal/modules/cjs/loader.js:529:3)

So evaluation of authorization is not taken under consideration.

[screenshot]

navigui commented, Apr 4, 2020

I managed to get rid of this issue in graphql-yoga. The problem is not in the shield library, but in the way the access token is handled. The rule isAuthenticated in graphql-yoga, for example, uses the function

import { verify } from 'jsonwebtoken'

// APP_SECRET and the Token payload type come from the rest of the project
// (not shown in the post); declared here so the snippet type-checks on its own.
declare const APP_SECRET: string
interface Token { userId: string }

// HTTP queries/mutations: the header is reachable through context.request
export function getUserId(context: Context) {
  const Authorization = context.request.get('Authorization')
  if (Authorization) {
    const token = Authorization.replace('Bearer ', '')
    const verifiedToken = verify(token, APP_SECRET) as Token
    return verifiedToken && verifiedToken.userId
  }
}

It seems that the request property of the context is not accessible from subscriptions. To get the user id you have to use another property, "connection"; the Authorization status can be accessed from it, so this code works fine for me:

// WebSocket subscriptions: the header arrives in the connection params, which
// graphql-yoga exposes as context.connection.context instead of context.request
export function getUserIdForSubscriptions(context: Context) {
  const Authorization = context.connection.context.Authorization
  if (Authorization) {
    const token = Authorization.replace('Bearer ', '')
    const verifiedToken = verify(token, APP_SECRET) as Token
    return verifiedToken && verifiedToken.userId
  }
}

Don't forget to declare it in the interface of the context:

import { PubSub } from 'graphql-yoga'
import { ContextParameters } from 'graphql-yoga/dist/types'

export const pubSub = new PubSub()

export interface Context {
  connection: any
  request: any
  pubSub: PubSub
}

// `db` is the project's database client, imported elsewhere (not shown in the post)
export function createContext(request: ContextParameters) {
  return {
    ...request,
    pubSub,
    db
  }
}

Hope this will help.
