Actually, I was hoping to have the GraphiQL client put the Authorization token in the UI himself, instead of pre-configuring it; after all, the token should be different for each client. So yes, this way allows enabling the security component, but it also opens the door at the same time, through GraphiQL. Maybe a hacky way could be to create a session for the client, so this one could send an initial query with the token: |
|
How does it "open the door", what do you mean? UI changes are really matters for the original project. I thought about the parameter option as well. The downside is that with this proposal it's really tied to a specific implementation, so the By the way, I understand that the token will be different for each client, but you're using GraphiQL for testing scenarios, right? So how often would you really need to switch tokens? |
|
I just mean, in our case, we are developing an API and our integration environment is shared with other teams and each team has its own token, so in the end nobody should access our API without a valid token. By pre-configuring GraphiQL with a specific token, anybody could open this built-in client and start querying our API without their own token. I suppose it's not really critical, since their app would have to use their own token, because it won't go through the GraphiQL UI anymore, but once we reach production, we won't be able to use GraphiQL anymore. In prod, it would be critical to allow anybody to use GraphiQL, so we couldn't at this point pre-configure the tool. I would say this tool could be used even in production to help with the support of the app, to extract data, to investigate some scenario, or even just to give clients access to the documentation generated by GraphiQL. |
|
Just as a reference, initially I was using Insomnia to do my GraphQL queries, but I just discovered a plugin which allows customizing the Header part of the queries: On the other hand, I agree with you that my previous suggestion is not very elegant, since it's a very, very custom, hacky way to do it ... but it would be possible to support a few standards like that for the authorization:
Anyway, thanks for trying to improve the situation! |
|
Thanks for explaining your particular use case. That explains a lot. Just came across this "luxury" custom version of GraphiQL: https://altair.sirmuel.design/. Just glanced it over now, but it looks pretty sweet and seems to contain all features you need. Demo over here: https://altair-gql.sirmuel.design/. |
|
Yes, I know this tool, but for some reason, when I try to specify the |
|
Props look good 👍 |
|
Authorization headers can only be set in the Altair extensions and desktop apps. The web app has restrictions for setting forbidden headers. |
This PR adds a couple of requested features:
- defaultQuery, query, etc. See the updated README for details.
- graphiql.headers.Authorization.

Working examples of both use cases can be seen in the example-graphql-tools sample app.
@elenigen @aSemy @marceloverdijk Please review