Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Authentication with graphql data provider issue

See original GitHub issue

I am using react-admin with simple graphql dataprovider. On backend I block all requests without token except my login endpoint. I use authProvider to make a request to login backend. However React-admin still use dataprovider on authentication page and since I don’t send an authentication token in the header before login I get an error.

Expected behavior should be: React-admin not using graphql dataprovider while loading login page.

If I allow unauthenticated requests to /graphql in the backend, I successfully see the login page. Screen Shot 2020-05-19 at 3 41 56 PM

As you see, react-admin is making a request to data-provider while loading the login page. But this is an issue since grahpql provide has only one endpoint /graphql

Here is the code that encounters the issue:

        const httpLink = createHttpLink({ uri: 'http://localhost:8080/graphql' })

        const authLink = setContext((_, { headers }) => {
            const token = Cookies.get('accessToken')

            return {
                headers: {
                    ...headers,
                    authorization: `Bearer ${token}`
                }
            }
        })

        const client = new ApolloClient({
            link: authLink.concat(httpLink),
            cache: new InMemoryCache()
        })

        buildGraphQLProvider({
            client
        })
            .then(dataProvider => this.setState({ dataProvider }));

So react-admin graphql dataprovider needs to access /graphql to load successfully, but that is the only endpoint for all other queries as well. I need to secure that endpoint.

Issue Analytics

State:
Created 3 years ago
Reactions:5
Comments:17 (6 by maintainers)

Top GitHub Comments

6reactions

BowlingXcommented, Jul 24, 2020

You can use graphql codegen (https://graphql-code-generator.com/) for that

.codegen.yml

overwrite: true
schema: 'http://localhost:4000/graphql'
generates:
  ./your/path/introspection.json:
    plugins:
      - introspection

Then import the introspection.json file in your project and initialize the provider with the schema: See https://github.com/marmelab/react-admin/tree/master/packages/ra-data-graphql#introspection-options

5reactions

djhicommented, Jun 4, 2020

That’s one way to do it but I think fixing it in the provider itself would probably be better. Postponing the introspection call until the first real dataProvider call (on a resource) for example

Top Results From Across the Web

Authentication and authorization - Apollo GraphQL Docs

Control access to your GraphQL API · Authentication is determining whether a given user is logged in, and subsequently determining which user someone...

GraphQL Authentication: Why out-of-band authentication is ...

These providers check credentials and issue a token (almost certainly a JWT) that is then sent with requests to the GraphQL API.

Authorization - GraphQL

Authorization is a type of business logic that describes whether a given user/session/context has permission to perform an action or see a piece...

Steps to building Authentication and Authorization for ... - Moesif

How to handle authentication and authorization for GraphQL APIs, including where to set permissions and privileges for different resources?

Authentication and Authorization in GraphQL – The Guild

But, you can't connect your data from the HTTP request to your GraphQL server, and it might be difficult later to get access...