Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How about authorization #10

Closed
alexandru-calinoiu opened this issue Oct 29, 2017 · 6 comments
Closed

How about authorization #10

alexandru-calinoiu opened this issue Oct 29, 2017 · 6 comments

Comments

@alexandru-calinoiu
Copy link

alexandru-calinoiu commented Oct 29, 2017
edited

If my graphql endpoint requires authorization can I still use graphiql?
@junelau
Copy link

junelau commented Dec 5, 2017
edited

@alexandru-calinoiu If you are using cookie authentication, this line[https://github.com/JosephWoodward/graphiql-dotnet/blob/d5bc728c2318e740f50c756692bd332aeeee0ccf/src/graphiql/assets/index.html#L119] will do it for you.

However, if you are using tokens, you'll need to save your token as a cookie - and include it as a header in your request.

function getCookie(name) {
  var re = new RegExp(name + "=([^;]+)");
  var value = re.exec(document.cookie);
  return value != null ? unescape(value[1]) : null;
}

and add the token to your request header

return fetch('/graphql', {
          method: 'post',
          headers: {
            'Accept': 'application/json',
            'Content-Type': 'application/json',
            'Authorization': "Bearer " + getCookie("access_token")
          }
}

@alexandru-calinoiu
Copy link
Author

Got it, makes sens, thank you.

@MisterJimson
Copy link

I don't quite understand the second case, where do we modify the fetch code to include the auth header? In the client side code? We would need to maintain a fork to do this?

A small bit of UI that lets you set custom headers in the UI would be perfect and flexible for other cases as well.

@pain0486
Copy link

@alexandru-calinoiu

function getCookie(name) {
  var re = new RegExp(name + "=([^;]+)");
  var value = re.exec(document.cookie);
  return value != null ? unescape(value[1]) : null;
}

and add the token to your request header

return fetch('/graphql', {
          method: 'post',
          headers: {
            'Accept': 'application/json',
            'Content-Type': 'application/json',
            'Authorization': "Bearer " + getCookie("access_token")
          }
}

Where would you add this? Speaking about the Or is this something we would have to fork?

@josephwoodward
Copy link
Owner

@pain0486 You'd have to make the modification to the index.html file that's bundled with this library.

This definitely seems like something that would be good to build into this library so people don't have to modify the index file manually.

@josephwoodward josephwoodward mentioned this issue Aug 15, 2019
Open
@pain0486
Copy link

@josephwoodward Thanks... for the time being, I found an easy work around. I installed a Chrome extension called ModHeader
Then I added the authorization header and my token and everything started working fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@alexandru-calinoiu @josephwoodward @MisterJimson @junelau @pain0486