postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com

Ability to set connection_init payload for GraphQL subscriptions #13278

Open CSE-Karl opened 2 days ago

CSE-Karl commented 2 days ago

Is there an existing request for this feature?

Is your feature request related to a problem?

Our GraphQL subscriptions require an auth token in the connection_init payload of the graphql-transport-ws standard to authenticate connections.

The WebSocket standard doesn't allow setting an authentication header when opening a socket, so the existing GraphQL Authorization options do not reflect real-world authorization options. The connection_init payload is a workaround for this problem, allowing an up-front authorization phase before normal traffic begins.

In practice, the payload is currently always sent as null.

Describe the solution you'd like

I would like the ability to specify the payload for connection_init either explicitly through a new tab alongside parameters like header and schema, or I would like to have the headers replicated into the payload automatically, which is how the graphql-playground solved this problem.

Describe alternatives you've considered

I have thought about trying to adopt additional code on the server to manually intercept the connection_init payload and inject authorization from the headers of the original WebSocket handshake (which would only be present when using non-browser clients like Postman), but do not want to incur the overhead and complexity of forwarding the headers for every socket handshake.

I also have considered adding the ability to inject a default payload into the server as a fallback for development environments, but that would make regression testing useless against staging servers where I would never want to spoof authorization.

Additional context

No response
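The server-side check that the issue above depends on, as an added example that is not part of the original issue and is not Postman's or any GraphQL server's own code: a per-socket state machine that authenticates the `connection_init` payload before accepting any `subscribe`, so a client that sends `payload: null` is refused. The payload key `authToken`, the token store, and the returned action objects are assumptions made for illustration.

```javascript
// Close codes as used by the graphql-transport-ws protocol and the graphql-ws library.
const CLOSE = { BAD_REQUEST: 4400, UNAUTHORIZED: 4401, FORBIDDEN: 4403, TOO_MANY_INIT: 4429 };

// Constructed token store (assumption): token -> user name.
const TOKENS = new Map([["constructed-token-123", "alice"]]);

// Compare without an early exit so timing does not reveal a matching prefix.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// `authToken` is an assumed payload key; the issue does not name one.
function authenticate(payload) {
  const token = payload && typeof payload === "object" ? payload.authToken : undefined;
  if (typeof token !== "string") return null; // covers payload: null
  for (const [known, user] of TOKENS) if (safeEqual(known, token)) return user;
  return null;
}

// Per-socket state machine: takes one raw text frame, returns the server's action.
function createConnection() {
  let initReceived = false;
  let user = null;
  return function onMessage(raw) {
    let msg;
    try { msg = JSON.parse(raw); } catch { return { close: CLOSE.BAD_REQUEST }; }
    if (!msg || typeof msg.type !== "string") return { close: CLOSE.BAD_REQUEST };
    switch (msg.type) {
      case "connection_init":
        if (initReceived) return { close: CLOSE.TOO_MANY_INIT };
        initReceived = true;
        user = authenticate(msg.payload);
        return user ? { send: { type: "connection_ack" } } : { close: CLOSE.FORBIDDEN };
      case "subscribe":
        // Nothing is executed until connection_init has been acknowledged.
        return user ? { accepted: msg.id, user } : { close: CLOSE.UNAUTHORIZED };
      case "ping":
        return { send: { type: "pong" } };
      case "pong":
      case "complete":
        return {};
      default:
        return { close: CLOSE.BAD_REQUEST };
    }
  };
}
```

Because the token is checked once at `connection_init`, a regression test against a staging server needs a client that can set this payload; no header on the handshake is consulted here.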