Skip to content

docs: add section about passing in JWTs #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Nov 27, 2023
Merged

docs: add section about passing in JWTs #71

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b5cca3c
docs: add section about passing in JWTs
mjfwebb Nov 27, 2023
e4c1431
Apply suggestions from code review
mjfwebb Nov 27, 2023
79aa8d1
Update modules/ROOT/pages/authentication-and-authorization/configurat…
mjfwebb Nov 27, 2023
3e11aef
Update modules/ROOT/pages/authentication-and-authorization/configurat…
mjfwebb Nov 27, 2023
ff619ab
Update modules/ROOT/pages/authentication-and-authorization/configurat…
mjfwebb Nov 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions modules/ROOT/pages/authentication-and-authorization/configuration.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,3 +126,48 @@ type JWT @jwt {
====
The seemingly excessive escaping is required to doubly escape: once for GraphQL and once for `dot-prop`, which is used under the hood to resolve the path.
====

== Passing in JWTs

To pass in an encoded JWT, you must use the token field of the context.
When using Apollo Server, extract the authorization header into the token property of the context as follows:

[source, javascript, indent=0]
----
const server = new ApolloServer({
schema,
});

await startStandaloneServer(server, {
context: async ({ req }) => ({ token: req.headers.authorization }),
});
----

For example, a HTTP request with the following `authorization` header should look like this:

[source]
----
POST / HTTP/1.1
authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJyb2xlcyI6WyJ1c2VyX2FkbWluIiwicG9zdF9hZG1pbiIsImdyb3VwX2FkbWluIl19.IY0LWqgHcjEtOsOw60mqKazhuRFKroSXFQkpCtWpgQI
content-type: application/json
----

Alternatively, you can pass a key `jwt` of type `JwtPayload` into the context, which has the following definition:
Copy link
Contributor

@lidiazuin lidiazuin Nov 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Alternatively, you can pass a key `jwt` of type `JwtPayload` into the context, which has the following definition:
Alternatively, you can pass a key `jwt` of type `JwtPayload` into the context:

Copy link
Contributor Author

@mjfwebb mjfwebb Nov 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm this one might need some reworking. The code this refers to is actually not an example of how to use the payload, it is instead the shape of the payload.

We didn't want to go into too much detail about what a user would need to do specifically, instead just providing them enough information to make informed decisions.

Copy link
Contributor

@lidiazuin lidiazuin Nov 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see! It's ok, so just ignore my suggestion :)


[source, typescript, indent=0]
----
// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
interface JwtPayload {
[key: string]: any;
iss?: string | undefined;
sub?: string | undefined;
aud?: string | string[] | undefined;
exp?: number | undefined;
nbf?: number | undefined;
iat?: number | undefined;
jti?: string | undefined;
}
----

[WARNING]
_Do not_ pass in the header or the signature.