kamilkisiela / graphql-hive

GraphQL Hive is a schema registry and observability
https://the-guild.dev/graphql/hive
MIT License
418 stars 97 forks

Preflight script in Laboratory when querying API #3612

Open JonasWijkVolvoM opened 9 months ago

JonasWijkVolvoM commented 9 months ago

Great that you added a way to call your own API in Laboratory

We (and probably many others) have a need to add headers for auth purposes. This can be done manually, but it is very tedious to do every time and would be a blocker for using this feature among our devs on a wider scale, forcing us to build and maintain our own Explorer.

Apollo have preflight script capability in their Explorer which can be used to automate this and make the DX good. It would be awesome if you could add something similar or another solution to this problem so that we can use Laboratory as our Explorer.

jdolle commented 6 months ago

This is important to my org as well. It creates a lot of friction for our devs to log in and form the headers themselves, and then refresh the credentials every time they expire.

n1ru4l commented 6 months ago

Can you explain your optimal flow? What would be needed to retrieve the headers?

I assume that we could allow configuring an HTTP endpoint that is called with a secret configured within the target's settings, that will return the headers that should be attached to the request to be sent. In addition to that, we could also provide information about the to-be-sent GraphQL request (operation, variables, headers, etc.). Would this be sufficient for your needs?

We hesitate to allow running custom JavaScript for preflight scripts as it introduces additional challenges for security and self-hosting.
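The flow proposed in the comment above (an HTTP endpoint, called with a secret from the target's settings, that returns the headers to attach) is shown here as an added example; it is not part of the thread and not GraphQL Hive code. The `x-preflight-secret` header name, the JSON body shape and all function names are assumptions, since the thread defines no contract.

```javascript
// Added example. Header name, body shape and function names are hypothetical.
const SECRET_HEADER = "x-preflight-secret"; // assumed name

// Compares every byte of the expected secret regardless of where the first
// mismatch is. In Node, crypto.timingSafeEqual is the standard-library
// equivalent; this is inlined to keep the example dependency-free.
function secretsMatch(given, expected) {
  const a = Buffer.from(String(given ?? ""));
  const b = Buffer.from(String(expected ?? ""));
  if (b.length === 0) return false; // an unset secret must never authenticate
  let diff = a.length ^ b.length;
  for (let i = 0; i < b.length; i++) diff |= (a[i % (a.length || 1)] ?? 0) ^ b[i];
  return diff === 0;
}

// Endpoint side: authenticate the caller, then issue headers for the operation.
function handlePreflight(req, config) {
  if (!secretsMatch(req.headers[SECRET_HEADER], config.secret)) {
    return { status: 401, body: { error: "unauthorized" } };
  }
  const token = config.issueToken(req.body.operationName); // issuer supplied by the operator
  return { status: 200, body: { headers: { authorization: `Bearer ${token}` } } };
}

// Caller side: attach only allow-listed headers and drop values containing
// CR/LF, so a misbehaving endpoint cannot inject arbitrary request headers.
function pickAllowedHeaders(returned, allowList) {
  const allowed = new Set(allowList.map((h) => h.toLowerCase()));
  const out = {};
  for (const [name, value] of Object.entries(returned ?? {})) {
    const key = name.toLowerCase();
    if (!allowed.has(key)) continue;
    if (typeof value !== "string" || /[\r\n]/.test(value)) continue;
    out[key] = value;
  }
  return out;
}

// Constructed sample values, for illustration only.
const config = { secret: "example-shared-secret", issueToken: (op) => `token-for-${op}` };
const ok = handlePreflight(
  { headers: { [SECRET_HEADER]: "example-shared-secret" }, body: { operationName: "Me" } },
  config
);
console.log(ok.status, pickAllowedHeaders(ok.body.headers, ["Authorization"]));
```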

jdolle commented 6 months ago

I'd like to have a username and password input appear in the lab when this feature is enabled. We need a way for our developers to input the auth credentials in this flow. We have a number of accounts we use for testing that are all in different states.

Having a separate endpoint that is called to perform the authentication would be good. For simplicity, it could be called before every operation to keep the headers refreshed, refresh every so often based on another setting, or ignore session expirations and rely on the user clicking a "login" button to refresh. Any of these would be an acceptable developer experience.

JonasWijkVolvoM commented 6 months ago

I think our use-case would be easiest to achieve with a Preflight script. I understand your concern but wouldn't it be up to the client whether or not they want to use the script option or not?