How to validate the auth token with express middleware

This page describes how we can validate the auth token by setting the token field in the context field. The same process however, does not work with the express middleware server that we are using.

Because of that, we had to write a custom function to validate the auth token using jsonwebtoken library:

import JWT from "jsonwebtoken";

app.use('/graphql',
  cors<cors.CorsRequest>(),
  express.json(),
  expressMiddleware(server, {
    context: async ({ req }) => ({
      sessionConfig: {
        jwt: verifyTokenAndReturnPayload(req.headers.authorization)
      }
    })
  }));

/**
 * Verify token and return payload in case of successful verification. 
 * Else throw GraphQLError back as response to the request
 * 
 * @param authHeader 
 * @returns 
 */
function verifyTokenAndReturnPayload(authHeader: string){
  try {
    return JWT.verify(authHeader.split(' ')[1], token_secret);
  } catch (error) {
    console.log(error)
    throwAuthError();
  }
}

/**
 * Throw GraphQLError indicating user authentication failure
 */
function throwAuthError() {
  throw new GraphQLError('User is not authenticated', {
    extensions: {
      code: 'UNAUTHENTICATED',
      http: { status: 401 },
    },
  });
}

I would be happy to contribute this to the library so that the users would not have to write such a function themselves. However, I also feel that there is a missing link or a bug somewhere in the library as the automatic token validation is there with the standalone server, but not with the express middleware server. So, wanted to bring this up and see if we can resolve it.

neo4j / docs-graphql

How to validate the auth token with express middleware #152