dyne / reflow-os

Base scripts to run Reflow OS

how do I authorize graphql calls? #1

Closed ocataco closed 3 years ago

ocataco commented 3 years ago

When I try to create an Economic event from a script, I get the error:

<GraphQL::Client::Response:0x00007fe5df049620 @original_hash={"data"=>{"createEconomicEvent"=>nil}, "errors"=>[{"code"=>"needs_login", "locations"=>[{"column"=>3, "line"=>2}], "message"=>"You need to log in first. ", "path"=>["createEconomicEvent"], "status"=>401}]}, @data=#<#::RootMutationType createEconomicEvent=nil>, @errors=#<GraphQL::Client::Errors @messages={} @details={}>, @extensions=nil>

I actually do log in first in the script, but in the LoginResponse there doesn't seem to be a token available that I can use in the authorization header for the economic event call.

In the browser, in the graphiql interface, it does not seem to be an issue... there I can first log in and then make an economic resource in separate tabs. My guess is that it's handled with the _bonfire_key cookie?

But how am I supposed to do authorization exactly from a script?

mayel commented 3 years ago

Can't you read the cookies in the response and provide it in the header of any subsequent requests?

ocataco commented 3 years ago

Hi Mayel,

I probably could, but unfortunately not with the client library I'm using right now (I just looked).

Apart from that inconvenience I would prefer if the service would use bearer tokens since it's just simpler to work with from an app/iot/spa (non-traditional web) client, and it has become the de facto standard.

I mean there is a special drop-down GUI in the graphiql interface for the Authorization header, and the service this is replacing (https://api.reflowproject.eu/api/explore) supports it, so at this point I expected it to work with bearer tokens?

Hope you understand & thanks for looking into this, Taco

mayel commented 3 years ago

Hi Taco, good point and would be happy to review a pull request for that.

densizengin commented 3 years ago

Hello @ocataco,

I pushed some changes to the authentication system. Now it should support Bearer tokens.

Are you able to use Bearer tokens inside your requests within the «authorization» header of your GraphQL client library? If so, you can get the «token» field from the «login» mutation, and put that token into the «authorization» header with the «bearer» scheme. This should authenticate you.

Also, I would really appreciate it if you told me what library you use. ^^

Cheers.
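
The flow described in the comment above, sketched with Ruby's standard library as an added example (not code from the thread or the project). The endpoint path /api/graphql and the login argument names are assumptions, and the response bodies are constructed samples.

```ruby
require "net/http"
require "json"
require "uri"

# Assumed endpoint: the thread only shows http://localhost:4000/api/schema.
ENDPOINT = URI("http://localhost:4000/api/graphql")

# Assumed argument names: the thread shows only the LoginResponse fields.
LOGIN = <<~GQL
  mutation($login: String!, $password: String!) {
    login(emailOrUsername: $login, password: $password) { currentAccountId token }
  }
GQL

# Constructed sample bodies. The second mirrors the needs_login error in the issue.
SAMPLE_LOGIN  = '{"data":{"login":{"currentAccountId":"ACCT","token":"CONSTRUCTED.TOKEN.VALUE"}}}'
SAMPLE_DENIED = '{"data":{"createEconomicEvent":null},"errors":[{"code":"needs_login","status":401}]}'

# Build a GraphQL POST; when a token is given it goes in the Authorization header.
def graphql_request(query, variables = {}, token: nil)
  req = Net::HTTP::Post.new(ENDPOINT, "Content-Type" => "application/json")
  req["Authorization"] = "Bearer #{token}" if token
  req.body = JSON.generate({ query: query, variables: variables })
  req
end

# Auth failures arrive inside the GraphQL "errors" array, so inspect the body.
def needs_login?(body)
  Array(JSON.parse(body)["errors"]).any? { |e| e["code"] == "needs_login" }
end

# Pull the token out of a login response, failing loudly if it is absent.
def extract_token(body)
  doc = JSON.parse(body)
  if (err = doc["errors"]&.first)
    raise "GraphQL error: #{err["code"]}"
  end
  doc.dig("data", "login", "token") or raise "login response carries no token field"
end

# Send a request to a live server (not called here, so the file runs offline).
def send_request(req)
  Net::HTTP.start(ENDPOINT.host, ENDPOINT.port) { |http| http.request(req).body }
end

token = extract_token(SAMPLE_LOGIN)
authed = graphql_request("{ myAgent { id } }", {}, token: token)
puts authed["Authorization"].sub(token, "<redacted>") # never print the token itself
```

With github/graphql-client, the same header can be supplied by overriding headers(context) on GraphQL::Client::HTTP. The token is a credential for the account, so keep it out of logs and pasted output.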

ocataco commented 3 years ago

Hi Srfsh,

Sounds great, thanks!

I just did a 'make update' and a clean reinstall of the docker containers managed by this repo locally, but when I browse to http://localhost:4000/api/schema I still only see:

type LoginResponse {
  currentAccountId: String
  currentUsername: String
}

I would expect to see a token:String right?

Is the docker container of the web app in this repo updated yet? Or is there something I can do / or something I forgot?

And yes I can do requests with a Bearer token in the Authorization header with the client library I use: https://github.com/github/graphql-client.

Thanks!

densizengin commented 3 years ago

> Hi Srfsh,
>
> Sounds great, thanks!
>
> I just did a 'make update' and a clean reinstall of the docker containers managed by this repo locally, but when I browse to http://localhost:4000/api/schema I still only see:
>
> type LoginResponse {
>   currentAccountId: String
>   currentUsername: String
> }
>
> I would expect to see a token:String right?
>
> Is the docker container of the web app in this repo updated yet? Or is there something I can do / or something I forgot?

Yes. That's odd. Can you try to fetch the latest repo here, and try to do make update again, please? I forgot to update the Dyne version of some images; maybe you are using that. I just checked from the latest and I can clearly see that LoginResponse has token:string field.

> And yes I can do requests with a Bearer token in the Authorization header with the client library I use: github/graphql-client.
>
> Thanks!

Thanks. ^^

ocataco commented 3 years ago

Mmm, I tried again (deleted everything including docker containers, bonfire directory etc.) but can't see the token field in the response. When I do make pull I see:

docker pull bonfirenetworks/reflow:latest
latest: Pulling from bonfirenetworks/reflow
Digest: sha256:2180e2d4c7f625ba0d505d544b3ba905a3f2a44aa10b2fa8ffacec7dd1177e5c
Status: Image is up to date for bonfirenetworks/reflow:latest

and when I do make run:

Light that fire... reflow with reflow flavour in prod - 0.1.0-alpha.243 - 9071118 - flavours/reflow

Are these the versions you expect?

densizengin commented 3 years ago

> Mmm, I tried again (deleted everything including docker containers, bonfire directory etc.) but can't see the token field in the response. When I do make pull I see:
>
> docker pull bonfirenetworks/reflow:latest

Yeah, it shouldn't run that. The latest changes to this repo fix that. I missed that one while moving to our fork.

Can you try to fetch the latest code from this repo and try to run it again?

> latest: Pulling from bonfirenetworks/reflow
> Digest: sha256:2180e2d4c7f625ba0d505d544b3ba905a3f2a44aa10b2fa8ffacec7dd1177e5c
> Status: Image is up to date for bonfirenetworks/reflow:latest
>
> and when I do make run:
>
> Light that fire... reflow with reflow flavour in prod - 0.1.0-alpha.243 - 9071118 - flavours/reflow
>
> Are these the versions you expect?

ocataco commented 3 years ago

Thanks, looking great!

{ "data": { "login": { "currentAccountId": "01FF823G83V7BDQ2XA32A3CCGB", "currentUsername": null, "token": "QTEyOEdDTQ.2YgjZgonOZQMhqZHVJyDw4tCVsjlDurVwdHeeMU_PNHAF1s2MsI1-M11MVI.u2fyE6_05p7er6Mu.Oysx-yonU2SqPE6Sw4uFeeRJ9vxyBR8cQcEMC8MLcxs0pnQGjq9Uf_G0veAZYgOD.qXk3cqJYgXYLH18T9_MDkQ" } } }

And after logging in with Bearer in the explorer:

{ "data": { "myAgent": { "id": "01FF823ZX6GFZSDPK8E7TR65WS" } } }

densizengin commented 3 years ago

> Thanks, looking great!
>
> { "data": { "login": { "currentAccountId": "01FF823G83V7BDQ2XA32A3CCGB", "currentUsername": null, "token": "QTEyOEdDTQ.2YgjZgonOZQMhqZHVJyDw4tCVsjlDurVwdHeeMU_PNHAF1s2MsI1-M11MVI.u2fyE6_05p7er6Mu.Oysx-yonU2SqPE6Sw4uFeeRJ9vxyBR8cQcEMC8MLcxs0pnQGjq9Uf_G0veAZYgOD.qXk3cqJYgXYLH18T9_MDkQ" } } }
>
> And after logging in with Bearer in the explorer:
>
> { "data": { "myAgent": { "id": "01FF823ZX6GFZSDPK8E7TR65WS" } } }

Cool! If everything's alright, I am closing this issue now. ^^