Closed mfechner closed 5 years ago
@zuohuadong thanks a lot for your links. I had a look into it and the first example does not use passport. I exactly have the problem with passport and graphql together. And I would like to stick to passport, as it does not make sense to write this all again what is already existing and well tested.
The second example has no graphql endpoint. In my example the AuthGuard for the REST endpoint works fine but does not for the graphql. So exactly the part I do not understand in the NESTJS manual is not included here.
https://github.com/ForetagInc/fullstack-boilerplate/tree/master/apps/api/src/app/auth
You need to use a separate guard for your GraphQL endpoints which uses the GqlExecutionContext
@marcus-sa thanks a lot for this link. I fixed it now with this commit: https://github.com/mfechner/nest-graphql-apollo-auth-passport/commit/61bf51a392879f27d7438afa9508cd2280e3de8f
The main problem I had here is, that it was not clear for me that I must use an extra guard and cannot use the same guard I use for the REST endpoints.
I followed now the same logic to also protect a subscription so I changed:
@Subscription('catCreated')
catCreated() {
return {
subscribe: () => pubSub.asyncIterator('catCreated'),
};
}
to
@Subscription('catCreated')
@UseGuards(GqlAuthGuard)
catCreated() {
return {
subscribe: () => pubSub.asyncIterator('catCreated'),
};
}
but it does not work, I can subscribe to it without any authorization.
How can I protect the subscription correctly?
You can't do this in a Nesty way yet, unfortunately. You can only use a root guard for protecting your subscriptions.
@marcus-sa thanks for clarification, as this is already existing, I close this issue, thanks.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
I'm submitting a...
Current behavior
I followed the documentation here to setup graphql with passport authentication: https://docs.nestjs.com/techniques/authentication
I put everything together in small sample project that can be found here: https://github.com/mfechner/nest-graphql-apollo-auth-passport
But I do not understand how to get the modifications into the project that passport works with GraphQL endpoint. Could the manual here maybe be improved a little bit, that it is more clear here (which file has to be modified and what has to be imported, ...)
Expected behavior
Accessing the graphql endpoint should give a FORBIDDEN if no valid jwt is provided like it is for the REST endpoint
http://localhost:3000/api/cats/getCats
.Minimal reproduction of the problem with instructions
https://github.com/mfechner/nest-graphql-apollo-auth-passport
What is the motivation / use case for changing the behavior?
I currently do an evaluation if nest is the framework we should go with.
Environment