What is the correct approach to access local/graphql with requireAuth in services?

Just linking up auth with netlify-identity and was wondering what the correct approach is to access our protected routes when making requests from http://localhost:8911/graphql
I would assume via request headers. But not 100% on what is needed to do this and where to get that info.

:wave: @KrisCoulson and welcome!

I’m not sure I understand this 100%. Could you provide a real-life example of where graphql would access a route?

A good start to learn about Auth on the api side is https://redwoodjs.com/docs/authentication#graphql-query-and-mutations

This covers auth.js and requireAuth()

For some more info on Priovate routes and how they are protected with roles: https://redwoodjs.com/cookbook/role-based-access-control-rbac#how-to-protect-a-route

This helps introduce useAuth()

If that helps, great, but if not let us know and I’m sure the community can step in and guide.

Hey :wave: @dthyresson
Sorry if I wasn’t clear, So I set up auth and protected my service queries.
But I am using the graphql playground and am receiving errors when trying to use a mutation,

from the generated requireAuth there is no currentUser logged in on port 8911

  if (!context.currentUser) {
    throw new AuthenticationError("You don't have permission to do that.")
  }

So I am wondering how I can bypass this in dev

@KrisCoulson Ah, I understand.

Yes, so you would pass a Bearer token and the auth-provider as headers into the GraphQL post.

This is Insomnia Core

image

(Note can also use their “Bearer” settings to set the Authorization header)

You would do the same in the GraphQL Playground in HTTP Headers (only in dev since the playground is disabled in prod … which is where Insomnia comes in handy):

image

@dthyresson
Wow… I totally did this before I asked this question and it didn’t work and was wondering why. It was because the token doesn’t wrap the graphql playground and I was missing the comma to separate the params… Well, at least this thread is here incase anyone else comes looking.

I guess one other question I am assuming the only way to get the Authorization token is to pull it off the logged in request from the network tab? Just so anyone that may come across this thread in the future. Will know where to find the details to make this work

Yes, that is where I grab it from since Netlify Identity stores it in localStorage.

One note - currently the token does not refresh on the web side (known RW issue), so you could be left with an expired token that will be verified (and fail) on the api side. Just look for the “exp” in the decoded token and do some math – and logout/login again to get a new token.