I am trying to send authenticated requests to my api, and I am using dbauth for authentication.
I saw a previous post about sending authenticated requests to the server: Using the GraphQL Playground with authentication - #2 by dthyresson. But I could not make it work with dbauth.
I copied the value in from session in the application-tab in the dev-tools in chrome, when I set the value in playground’s “request headers” so did it not work.
Any idea on how to make it work?
@markymark I was able to reproduce the case where the Cookie header is being stripped in the playground request, such that the request isn’t authenticated correctly. I need to do some investigating but will write up an issue and will follow up there and post back with a solution.
@markymark Update: We’re still diagnosing, but seems to be an issue with the GraphQL Playground.
As a workaround, if you use a product like https://paw.cloud to make requests, I have confirmed that setting the headers does let you make authenticated requests:
Here is without the cookie set, and unauthenticated (well, in truth a bad request for dbAuth as the cookie is not sent so the error is a little different):
And with cookie set:
Note: I set the posts query to @requireAuth.
We’ll work with The Guild and Yoga’s GraphiQL Playground to resolve this.
Thanks for the help.
Do I have to set the authorization “bearer” token? If that is the case, where do I find the value that you have set in yours?
Isn’t the cookie value and the auth-provider enough?
Yes, the value after the Bearer is the user id.
It is needed because of the way the auth headers are parsed; see: redwood/packages/api/src/auth/index.ts at 230f79d07b50e8aad3635ffe1484531a6ae31342 · redwoodjs/redwood · GitHub
is there a way to set auth headers on api initialisation? am asking because i know that the GraphQL playground acts like a web client for the server, why cant we do response.set(“Authorization”:“Bearer ”) before starting the graphql playground?. or can there be a way the auth modules expose a login endpint where you could get the headers just like Apollo GraphQL server does?
Are you trying to use GraphQL Playground as an authenticated user in dev? For example to impersonate a user to test requests as that user?
If so , Redwood Studio has that feature.
See : Studio | RedwoodJS Docs
Studio development is on a bit of a hold as the team focussed on RSC.
Have plans to improve.
