thisdot / movies-api

API of movie and genre data as a Node v GraphQL POC

GraphQL Endpoint Authorization #45

Open sarmstead opened 2 months ago

sarmstead commented 2 months ago

Description

I am creating an application that plans to consume the GraphQL endpoint (https://0kadddxyh3.execute-api.us-east-1.amazonaws.com/graphql).

However, when provided with a valid bearer token (e.g. a token that works with a REST endpoint), a call to the GraphQL endpoint returns a 403 error with the message: User is not authorized to access this resource.

I also noticed that the schema in the Apollo Playground is not populating and has a Schema Introspection Failure message, which could be a related or separate issue (see screenshot below).

[Screenshot]

Steps to Reproduce

  1. Fetch bearer token
  2. Query movies resource using bearer token from step 1 (I've tried this using JavaScript and Postman).

@jesus4497, @mimurawil, or @dustinsgoodman, could one of you help me diagnose and squash this bug?

dustinsgoodman commented 2 months ago

Hi @sarmstead - this appears to be an issue with the Apollo playground. We can look into this but it's a very low priority for us and we probably won't be able to look for a while. I did throw the info into Postman's GraphQL and it worked fine. You just need to make sure the token you provided is set to the Authorization header as Bearer <token> when making requests. Below is an example:

[image]

Please try other introspection tooling in the meantime. That being said, this API is intended for low usage. If you are looking to do a production grade implementation, we kindly ask that you fork this and host your own solution. We can help provide the seed data but the infrastructure this is deployed to isn't intended for usage at scale.

sarmstead commented 2 months ago

Thank you for your response @dustinsgoodman! And thank you for providing the screenshot. Looks like I had my query written improperly (I used a lowercase value instead of uppercase for the field value).

And no worries about scaling for the application I'm building. It's a demo application, so very low usage.

Cheers ✌🏽