sorare / api

Sorare API documentation

ActionCable endpoint not working with Authorization Bearer (tested with Node JS script, Postman or .NET Client) #264

Open using-system opened 2 years ago

using-system commented 2 years ago

Hello,

I'm trying to test the onCurrentUserWasUpdated subscription with Authorization Bearer authentication.

Endpoint

wss://ws.sorare.com/cable

Headers

Authorization : Bearer  *****
JWT-AUD : *****

Requests

{"command":"subscribe","identifier":"{\"channel\":\"GraphqlChannel\"}"}

Then

{"command":"message","identifier":"{\"channel\":\"GraphqlChannel\"}","data":"{\"query\":\"\\r\\nsubscription onCurrentUserWasUpdated {\\r\\n currentUserWasUpdated {\\r\\n cardCounts { common }\\r\\n } \\r\\n}\\r\\n\",\"variables\":null,\"operationName\":\"onCurrentUserWasUpdated\",\"action\":\"execute\"}"}

Responses

{
    "identifier": "{\"channel\":\"GraphqlChannel\"}",
    "type": "confirm_subscription"
}

Then

{
    "identifier": "{\"channel\":\"GraphqlChannel\"}",
    "message": {
        "result": {
            "errors": [
                {
                    "message": "Not authorized to access Subscription.currentUserWasUpdated",
                    "locations": [
                        {
                            "line": 1,
                            "column": 14
                        }
                    ],
                    "path": [
                        "currentUserWasUpdated"
                    ]
                }
            ]
        },
        "more": false
    }
}

Test with...

Tested with a node JS client, WebSocketClient in .NET and with Postman client. Same results... --> Not authorized to access Subscription.currentUserWasUpdated

Other subscriptions that need authorization (depth > 5) return the error "Query has depth of 6, which exceeds max depth of 5 instead. Using an APIKEY the limit would be 10." (with Authorization header).

The same bearer token works with the https endpoints.

What did I forget?

NODE JS code

Based on the code at https://github.com/sorare/api/blob/master/examples/subscribeAllCardUpdates.js

const { ActionCable } = require('@sorare/actioncable');

const cable = new ActionCable({
  headers: {
    'Authorization': `Bearer *****`,
    // 'APIKEY': '<YourOptionalAPIKey>'
  }
});

cable.subscribe('currentUserWasUpdated {  cardCounts { common } }', {
  connected() {
    console.log("connected");
  },

  disconnected(error) {
    console.log("disconnected", error);
  },

  rejected(error) {
    console.log("rejected", error);
  },

  received(data) {
    if (data?.result?.errors?.length > 0) {
      console.log('error', data?.result?.errors);
      return;
    }
    const currentUserWasUpdated = data?.result?.data?.currentUserWasUpdated;
    if (!currentUserWasUpdated) {
      return;
    }
    const { cardCounts } = currentUserWasUpdated;
    console.log('card count', cardCounts);
  }
});

Postman screenshots

using-system commented 2 years ago

With an Api Key + Authorization, it still doesn't seem to work :(

const cable = new ActionCable({
  headers: {
    'Authorization': 'Bearer ****',
    'JWT-AUD': '*****',
    'APIKEY': '****'
  }
});

Any help would be appreciated :)
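
The exchange reported above, as an added example that is not part of the original thread or the Sorare repository: it builds the two double-encoded ActionCable frames and classifies server frames so that a field-level authorization failure is told apart from a channel confirmation or a depth-limit error. The function names and the `kind` labels are assumptions of this example; the sample frames are rebuilt from the responses quoted in the issue.

```javascript
// Added example (not from the issue or the Sorare repository).
const IDENTIFIER = JSON.stringify({ channel: 'GraphqlChannel' });

// ActionCable nests JSON in JSON: identifier and data travel as strings.
function subscribeFrame() {
  return JSON.stringify({ command: 'subscribe', identifier: IDENTIFIER });
}

function executeFrame(query, operationName, variables = null) {
  const data = JSON.stringify({ query, variables, operationName, action: 'execute' });
  return JSON.stringify({ command: 'message', identifier: IDENTIFIER, data });
}

// Classify one raw server frame. Labels ("kind") are this example's naming.
function classifyFrame(raw) {
  let frame;
  try { frame = JSON.parse(raw); } catch { return { kind: 'malformed' }; }
  if (frame === null || typeof frame !== 'object') return { kind: 'malformed' };
  // In the issue, confirm_subscription arrives before the authorization
  // error, so it is not evidence that the bearer token was accepted.
  if (frame.type === 'confirm_subscription') return { kind: 'channel_confirmed' };
  if (frame.type === 'reject_subscription') return { kind: 'channel_rejected' };
  if (frame.type) return { kind: 'control', type: frame.type }; // welcome, ping, ...
  const result = frame.message?.result;
  const errors = Array.isArray(result?.errors) ? result.errors : [];
  const messages = errors.map((e) => String(e?.message ?? ''));
  const denied = errors.filter((e, i) => messages[i].startsWith('Not authorized to access '));
  if (denied.length > 0) {
    const fields = denied.map((e) => (Array.isArray(e.path) ? e.path.join('.') : ''));
    return { kind: 'field_not_authorized', fields };
  }
  if (messages.some((m) => m.includes('exceeds max depth'))) return { kind: 'depth_limit' };
  if (messages.length > 0) return { kind: 'graphql_error', messages };
  return { kind: 'data', data: result?.data ?? null };
}

// Sample frames rebuilt from the responses quoted in the issue.
const SAMPLE_FRAMES = [
  JSON.stringify({ identifier: IDENTIFIER, type: 'confirm_subscription' }),
  JSON.stringify({ identifier: IDENTIFIER, message: { result: { errors: [{
    message: 'Not authorized to access Subscription.currentUserWasUpdated',
    locations: [{ line: 1, column: 14 }],
    path: ['currentUserWasUpdated'],
  }] }, more: false } }),
];

for (const raw of SAMPLE_FRAMES) console.log(classifyFrame(raw));
```
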

jmaupoux commented 2 years ago

+1 anyone ?

redox commented 1 year ago

Hey everyone, we've deployed some fixes on our websockets and both the APIKEY and/or JWT tokens should now be supported. Thank you for your patience!

arenoux commented 1 year ago

Can anyone here confirm that @redox's fixes are working? On my side I still observe the same behavior as @using-system and @jmaupoux :'(

Tried with Authorization + JWT-AUD headers...

R77S77 commented 1 year ago

Unfortunately not, I still get "Not authorized to access Subscription.currentUserWasUpdated"

arenoux commented 1 year ago

@redox... Unfortunately I think this issue should be re-opened

rbdm-qnt commented 1 year ago

Doesn't work for me either

sorareway commented 1 year ago

Unfortunately, currentUserWasUpdated doesn't work for me either. The same issue occurs with offerWasUpdated, which also requires the user to be authorized: https://github.com/sorare/api/issues/370

rbdm-qnt commented 1 year ago

Was there ever any update on this issue?