Support authorization middleware for WSS connections

[marktani]

Issue by marktani Wednesday Jul 19, 2017 at 19:22 GMT Originally opened as https://github.com/graphcool/prisma/issues/317

---

subscription-transport-ws uses a middleware concept for new connection parameters without requiring the client to be restarted. Here's an example of how that works.

Currently, Graphcool subscriptions only support sending the token when initializing the WS client, but should support the middleware approach as well.

A current workaround for setting the Authorization token after the app has been loaded is to persist the token after login into local storage or similar, and then reload the website.

[marktani]

Comment by agborkowski Thursday Sep 28, 2017 at 09:04 GMT

---

in auth case @marktani and extend JWT WebSocket security level we should remember about refresh token challange to keep state Autohorized

    applyMiddleware(operationOptions, next) {
     [if not expired]
      operationOptions["Authorization"] = returnJWT();
    [else]
      operationOptions["Authorization"] = returnJWTChalange(operationOptions["RefreshToken"])
   [end]
      next();
    }
  }
]);

still im @WIP on it

[marktani]

Comment by perrosnk Monday Oct 30, 2017 at 16:01 GMT

---

Any updates on this?

[marktani]

Comment by cipriancaba Tuesday Oct 31, 2017 at 15:23 GMT

---

@marktani Is there any way at the moment to send Authorization token to Graphcool? If yes, please provide a working example for react-native.. Thank you

[marktani]

Comment by marktani Wednesday Nov 01, 2017 at 17:06 GMT

---

Yes, the way it always worked: https://www.graph.cool/forum/t/authentication-issues-with-subscriptions/45/2?u=nilan

This feature request is about changing the authorization token after initialing the subscription client.

[marktani]

Comment by cipriancaba Wednesday Nov 01, 2017 at 18:11 GMT

---

Well, yes, but that's like 90% of the use cases.. it seldom you have the token when you initialize the client..

Sorry if I sounded angry yesterday but I lost my mind trying to configure the websockets permissions even with the example above and settings everything to public.. I ended up creating a new project from scratch to make it work

[fredericgermain]

I have another way to do this, maybe there are some problems but it works well so far.

I'm using the same ws connection during unauthenticated <-> authenticated state, I don't force reconnect.

I've implemented this with a mutation wsAuth (I'm using WS for everything), which allow me to send the obfuscated token I got from my auth framework back to the graphql websocket server.

I'm supposed to have the session attached to the WS connection context. However, it is actually not mutable (https://github.com/apollographql/subscriptions-transport-ws/issues/228).

To override this, I just included the previous context in a wrapper, which allows me to modify the inner context. That's a little cumbersome.

A little of synchronization is maybe to be done on client side anyway, to be sure the queries which have to be authenticated are not done before the ws connection context state is updated.

Just to throw some ideas here :)