Setting up Separate endpoint for APIs with Socket

[riddhiftw]

Summary

While trying to setup /api for API only auth, not able to get websocket working for /graphql.

Additional context

I set up /api as separate express instance and managed plugins including passport for that, I am keeping web with session authentication and JWT for api authentication.

While I get graphql endpoint for /graphql and /api/graphql but websocket is only being enabled with one of the endpoint. Not getting idea as what I should do for this?

I would like to hear other ways as well if its possible to implement both type of authentications without doing something so silly that I did.

[benjie]

Why two separate express instances?

[riddhiftw]

Thing is I am using /graphql for web endpoint which use middleware and authentication with session, while mobile application is being authenticated with JWT Token only. What should be possibilities other than this?

[benjie]

There's no particular reason you can't support JWT and sessions on the same endpoint - what issue are you facing when you try and do this?

[riddhiftw]

Issue is that when I am attaching JWT middleware, I am getting unauthorized, if I don't add JWT headers, while in API case session cookies won't be there. So I am bit confused as how to merge these two.

[benjie]

You're probably looking for the credentialsRequired: false option to the JWT middleware. https://github.com/auth0/express-jwt#error-handling

[riddhiftw]

Ah, it was that simple, Thanks @benjie for the help.