When invoking the Redwood GraphQL API, you need to send:
- Authorization header with
Bearer <token>with your access token - a Header
auth-providerwith the provider you use likesupabaseetc. This will be the provider type setup in your app.
If you are using self-hosted dbAuth, then the Bearer <token> then the token is your user id and you’ll also need to set the cookie (which is encypyted).
Typically, I run the app in dev and then inspect the request and copy the headers/cookie and then set those in the GraphQL Playground in the headers section.
To get a good sense of how things work, run your app and watch the requests made when cells do data fetching – that’s the info you’ll need to send.
There’s really no easy way not to set these up without poking a hole through security in development mode – which is a little risky since if you are not careful could leave your production app open.
Also, many of your services will rely of the context being set with a currentUser and authenticating will set that.
Note: Often JWT’s/access tokens will expire, so you may have to re-set these in your playground after some time has expired.