Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

documentation of how to handle Authorization

See original GitHub issue

Story

I’m want to be able to send user authorization token that can modify the GraphQL context

When using subscriptions-transport-ws I could generate the GraphQL Context using the onConnect helper

https://github.com/sibelius/relay-workshop/blob/master/packages/server/src/index.ts#L30

import { SubscriptionServer } from 'subscriptions-transport-ws';

SubscriptionServer.create(
    {
      onConnect: async (connectionParams: ConnectionParams) => {
        const { user } = await getUser(connectionParams?.authorization);

        return getContext({ user });
      },
      // eslint-disable-next-line
      onDisconnect: () => console.log('Client subscription disconnected!'),
      execute,
      subscribe,
      schema,
    },
    {
      server,
      path: '/subscriptions',
    },
  );

When using this package, we need to pass context on server creating that we won’t be able to modify context based on use authorization token

Issue Analytics

State:
Created 3 years ago
Reactions:6
Comments:31 (16 by maintainers)

Top GitHub Comments

2reactions

sibeliuscommented, Oct 23, 2020

should this be another recipe?

2reactions

enisdenjocommented, Oct 23, 2020

I personally like performing authorization on every subscription request (in onSubscribe). In cases where you’re using token based auth, running a check on every operation request guarantees expiry detection or manipulation prevention.