Can't call authenticated Redwood API from outside Redwood

Hi all! I have a Redwood app w/ Auth0, all on latest versions. I’m able to login, view protected routes, fetch data from the API side using the Redwood client side, etc. Basically everything works as expected when using the Redwood client, it’s when I try to hit the API from outside Redwood that I have issues.

When I call the graphql api from Postman (or anything other than the Redwood client side) context.currentUser is undefined inside the isAuthenticated function in auth.ts. When I console.log the context from isAuthenticated it has the auth token and other information from the API call (as far as I can tell it has everything but the currentUser), so I can’t figure out why currentUser is not being set.

If I set the query to skipAuth the Postman calls work fine. The steps I’m following are:

  • Log in to the Redwood client side with Auth0
  • Inspect network calls to grab the token the client side is using to call the API
  • Use that token in Postman as a bearer token (stripping it so it’s just the token)

I might be missing something, but I don’t get why a token that works to make calls from the Redwood client wouldn’t work making the same calls in Postman or other API testing tools. I’m almost certain I’ve done this same thing on other Redwood projects in the past. Any ideas? Thanks!!

I also noticed that when calling the graphql api from outside Redwood that getCurrentUser isn’t called. Here is my graphql.ts

```ts
import { authDecoder } from '@redwoodjs/auth-auth0-api'
import { createGraphQLHandler } from '@redwoodjs/graphql-server'

import directives from 'src/directives/**/*.{js,ts}'
import sdls from 'src/graphql/**/*.sdl.{js,ts}'
import services from 'src/services/**/*.{js,ts}'

import { getCurrentUser } from 'src/lib/auth'
import { db } from 'src/lib/db'
import { logger } from 'src/lib/logger'

export const handler = createGraphQLHandler({
  cors: {
    origin: process.env.REDWOOD_WEB_URL,
    credentials: true,
    allowedHeaders: '*',
  },
  getCurrentUser,
  authDecoder,
  loggerConfig: { logger, options: {} },
  directives,
  sdls,
  services,
  onException: () => {
    // Disconnect from your database with an unhandled exception.
    db.$disconnect()
  },
})
```

May I ask how you are calling it? You do need to provide all the auth headers as well as a header to indicate which auth provider to use.

You can inspect your network tab in the browser to see the headers: Authorization with bearer and token, and the auth-provider.

Redwood Studio does some user impersonation and shows what these values need to be for a few providers: studio/api/src/lib/authProviderEncoders/dbAuthEncoder.ts at e847b32908692af7ecaba2a9b1a8ad6b9d9ce50e · redwoodjs/studio · GitHub

@dthyresson thanks so much!! I was missing the Auth-Provider : auth0 header.