Open Nosfistis opened 3 years ago
I'll try to find a way to do this, thanks for the suggestion.
Also interested in this - thanks. The auth guard currently throws in trying to access `request` after the call to `extractRequest` in the auth guard, if trying to use jwts with graphql subscriptions.
In case it helps anyone else, an adaptation of this worked for me: https://github.com/nestjs/docs.nestjs.com/issues/394#issuecomment-582161405
In case it helps anyone else, an adaptation of this worked for me: nestjs/docs.nestjs.com#394 (comment)
Do you possibly still have that code around and could share it?
No exact sample I can share, sorry, but it is just an adaptation of the steps in the linked comment in the nestjs docs repo. If I remember correctly, the custom/adapted onConnect() method in GraphQLModule.forRootAsync({ -> subscriptions{} -> subscriptions-transport-ws{} -> onConnect() }) is what's key here (step 2).
This is the place to capture and return enough context for the custom auth guard (step 3 in the linked comment) to access the jwt. With my case of graphql + keycloak, it seemed the client was sending the auth token as an initial event immediately after connecting. This initial payload is the first parameter of the onConnect() callback method within subscriptions{ subscriptions-transport-ws{ onConnect => (payload, ws, context) {} } }
Steps 2 & 3 make sure the auth guard can access that jwt, without needing to know it didn't come in the request header. Hope I'm remembering this correctly as it already seems like a while ago. Hope it helps.
Does someone have example code to do this?
Is it possible to support websockets?
Using the default socket implementation that is suggested by NestJS, this is as easy as adding another case in the `extractRequest` helper. The related information is in the `handshake`, since socket.io 4 provides such info in the `handshake.auth`.

Other than that, perhaps the helper itself could be moved to a service, so that it can be overridden and provided to the guard.
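The two approaches discussed in this thread (an extra websocket case reading `handshake.auth`, and an `onConnect()` that hands the initial payload to the guard) can be sketched as one token extractor. This is an added example, not code from the project or from any commenter; the context shapes, the `token` and `authorization` field names, and the functions `parseBearer`, `onConnect` and `extractToken` are assumptions chosen for illustration.

```typescript
// Hypothetical context shapes; a real guard would derive these from Nest's ExecutionContext.
type HttpCtx = { kind: 'http'; headers: Record<string, string | undefined> };
// socket.io 4 exposes the client-supplied auth object as socket.handshake.auth.
type SocketIoCtx = { kind: 'ws'; handshake: { auth?: Record<string, unknown> } };
// For GraphQL subscriptions: whatever onConnect() returned for this connection.
type GqlSubCtx = { kind: 'graphql-subscription'; connection: Record<string, unknown> };
type GuardInput = HttpCtx | SocketIoCtx | GqlSubCtx;

// Constructed placeholder with JWT shape; not a real token.
const SAMPLE_JWT = 'aaa.bbb.ccc';

// Accept "<jwt>" or "Bearer <jwt>" where <jwt> is three base64url segments.
// Non-strings, other schemes and malformed values are treated as "no token".
function parseBearer(value: unknown): string | null {
  if (typeof value !== 'string') return null;
  const m = /^(?:Bearer\s+)?([\w-]+\.[\w-]+\.[\w-]+)$/i.exec(value.trim());
  return m ? m[1] ?? null : null;
}

// Shaped like the first argument of the onConnect(payload, ws, context) callback.
// Copies only the auth field into the returned context and rejects the
// connection (by throwing) when no well-formed token was sent.
function onConnect(payload: Record<string, unknown>): Record<string, unknown> {
  const raw = payload['Authorization'] ?? payload['authorization'];
  if (parseBearer(raw) === null) throw new Error('Missing or malformed auth token');
  return { authorization: raw };
}

// One place that knows where each transport carries the token, so the guard
// does not need to know it did not arrive in a request header.
// This only locates the token: signature, expiry and audience checks must
// still run on the returned string before any access decision.
function extractToken(input: GuardInput): string | null {
  switch (input.kind) {
    case 'http':
      return parseBearer(input.headers['authorization']);
    case 'ws':
      return parseBearer(input.handshake.auth?.['token']);
    case 'graphql-subscription':
      return parseBearer(input.connection['authorization']);
  }
}
```

Returning `null` for every malformed or missing value lets the guard fail closed with a single check instead of throwing on an undefined request.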