Accessing Cookies Via Subscription #296
Replies: 3 comments
-
|
My setup was assuming some things about graphql-java that are no longer true. And I was not familiar with the websocket context. The solution is to use GraphQLWebSocketContext, which provides HandshakeRequest, allows you to do: graphQLWebSocketContext.getHandshakeRequest().getHeaders().get( "cookie" ) |
Beta Was this translation helpful? Give feedback.
-
|
Hello @MarkNenadov , I'm trying to achieve something similar but overriding Open and Close requests.. Would you mind taking a look at #295 please? Thank you. |
Beta Was this translation helpful? Give feedback.
-
|
@MarkNenadov : I don't think websocket protocol uses cookies. Infact it is anti-pattern.The first request is a http(s) request where you can do the authentication and then the request is upgraded to a websocket, but by the time you get the GraphQLWebSocketContext, it no longer has the cookies. See these links and hopefully you can join the dots. graphql-java-kickstart/graphql-java-servlet#111 https://www.youtube.com/watch?v=EuaVr7vFF5E (This is using Apollo GraphQL in node.js) https://github.com/graphql-java-kickstart/samples/tree/master/subscription-with-authentication (Same as above but done in Java) You need to grab the principal(userID?) from GraphQLWebSocketContext. Also check out this thread where folks are discussing on implementation. I'd also recommend reading this article to understand how authentication works in Websocket. |
Beta Was this translation helpful? Give feedback.
-
Is there a way with graphql-spring-boot-starter that you can access cookies within a subscription?
I currently have mutations and queries receiving a cookie in order to take care of authentication. I've used GraphQLContextBuilder to accomplish that.
However, when I've implemented subscriptions, the GraphQLContextBuilder's build() method only takes in a Session and a HandshakeRequest and there doesn't appear to be a way to access cookies.
I see that in other (non graphql related) websocket contexts, people are using a HandshakeInterceptor to access cookies with the beforeHandshake() override.
However, I don't see a way to do this with graphql-spring-boot-starter's websocket implementation.
Is there a way for me to use HandshakeInterceptor with graphql-spring-boot-starter, or is there some alternate way I can access my cookies within the subscription's resolver or publisher?
Beta Was this translation helpful? Give feedback.
All reactions