Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

authentication bug (?) for subscription only

See original GitHub issue

I have a setup that works fine:

nuxt/apollo on client side
hasura graphql engine on server side

My apollo config is:

// ~plugins/apollo/clientConfigs.js
export default function(context) {
  return {
    httpEndpoint: 'http://192.168.99.110:30590/v1/graphql',
    wsEndpoint: 'ws://192.168.99.110:30590/v1/graphql', // optional
    tokenName: 'apollo-token', // optional
    persisting: false, // Optional
    websocketsOnly: false, // Optional
    getAuth: () => {
      const myToken = 'abcdef';
      const myAuthHeader = 'Bearer '+myToken;
      return myAuthHeader;
    }
  };
}

the following query returns the expected result:

query {
  journal(limit: 1, order_by: { action_timestamp: desc }) {
    table_name
    primary_key
    user_id
    value
    col
    action_type
    action_timestamp
  }
}

But this equivalent subscription fails:

subscription {
  journal(limit: 1, order_by: { action_timestamp: desc }) {
    table_name
    primary_key
    user_id
    value
    col
    action_type
    action_timestamp
  }
}

The message in the console is:

"cannot start as connection_init failed with : Authentication hook unauthorized this request"

The web socket communication logs from the Chrome console tab Network are:

UP {"type":"connection_init","payload":{"authorization":"Bearer agx-xf_Gx8BnH9NUP0dIxZQx1uU"}}
UP {"id":"1","type":"start","payload":{"variables":{},"extensions":{},"operationName":null,"query":"subscription {\n  journal(limit: 1, order_by: {action_timestamp: desc}) {\n    table_name\n    primary_key\n    user_id\n    value\n    col\n    action_type\n    action_timestamp\n    __typename\n  }\n}\n"}}
DOWN {"type":"ka"}
DOWN {"type":"connection_error","payload":"Authentication hook unauthorized this request"}
DOWN {"type":"error","id":"1","payload":{"extensions":{"path":"$","code":"start-failed"},"message":"cannot start as connection_init failed with : Authentication hook unauthorized this request"}}
UP {"id":"1","type":"stop"}
DOWN {"type":"complete","id":"1"}

So it seems the client messages are valid, else what is missing ? Additional remarks:

The same subscription works on the admin console
Looking into the auth server I see that the token is valid - the corresponding query does work.

Where is the catch ? bug ? misconfiguration on my part ? Pls advise.

(I am not far from being able to deploy hasura in a company - and this is really a fine piece of engineering !)

Issue Analytics

State:
Created 4 years ago
Comments:5 (1 by maintainers)

Top GitHub Comments

1reaction

oscar6echocommented, Oct 1, 2019

Since the latest release of vue-cli-plugin-apollo (0.21.1) no need to manually correct the bug as above.

1reaction

praveenwebcommented, Sep 30, 2019

Hey @oscar6echo

It seems like you are using the vue-cli-plugin-apollo to setup Apollo Client. There is a bug in that module where getAuth() returns the headers as such instead of wrapping it under a headers object as expected by Hasura.

Here’s the relevant issue - https://github.com/Akryum/vue-cli-plugin-apollo/issues/134 and here’s a PR with a fix for the same which is pending to be merged https://github.com/Akryum/vue-cli-plugin-apollo/pull/144

For now, your option is to manually setup apollo client for subscriptions. We have written a tutorial to do that for any Vue app. https://learn.hasura.io/graphql/vue/subscriptions/1-subscription

Top Results From Across the Web

Authentication errors when client doesn't have TLS 1.2 support

You experience authentication and connection errors if the client doesn't support TLS 1.2.

HTTP Error 403 Forbidden: What It Means and How to Fix It

If you encounter this it usually means that you have already authenticated yourself with the server, i.e. you've logged in, but the resource...

How to Quickly Fix the 401 Unauthorized Error (5 Methods)

The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the ...

how to handle a subscription based on an http status code ...

I'm catching the error and transforming it into a stream that never emits ... afterClosed().pipe( tap(_ => this.router.navigate(['login'])), ...

OAuth 2.0 App-Only (Bearer Token) | Docs - Twitter Developer

When issuing requests using application-only auth, there is no concept of a "current user". Therefore, endpoints such as POST statuses/update will not function ......