thisismydesign / nestjs-starter

NestJS MVC boilerplate for rapid development with battle-tested standards.

Unauthorized for Private graphql query #52

Closed all9lives closed 2 years ago

all9lives commented 2 years ago

Thanks for creating this repo, it's a great starting off point.

I was able to get everything working with Cognito hosted auth pages, and I can access /private and /profile endpoints without issue. But when I try to load the protected graphql operations, in the playground I get an unauthorized error, even when I added the Bearer authorization header.

Any tricks for this? I'm just getting the JWT from the session cookie.

Here is the response.

{
  "errors": [
    {
      "message": "Unauthorized",
      "locations": [
        {
          "line": 9,
          "column": 3
        }
      ],
      "path": [
        "whoAmI"
      ],
      "extensions": {
        "code": "INTERNAL_SERVER_ERROR",
        "exception": {
          "response": {
            "statusCode": 401,
            "message": "Unauthorized"
          },
          "status": 401,
          "message": "Unauthorized",
          "stacktrace": [
            "Error: Unauthorized",
            "    at GqlAuthGuard.handleRequest (/app/node_modules/@nestjs/passport/dist/auth.guard.js:64:30)",
            "    at /app/node_modules/@nestjs/passport/dist/auth.guard.js:48:128",
            "    at /app/node_modules/@nestjs/passport/dist/auth.guard.js:82:24",
            "    at allFailed (/app/node_modules/passport/lib/middleware/authenticate.js:107:18)",
            "    at attempt (/app/node_modules/passport/lib/middleware/authenticate.js:180:28)",
            "    at JwtAuthStrategy.strategy.fail (/app/node_modules/passport/lib/middleware/authenticate.js:302:9)",
            "    at JwtAuthStrategy.JwtStrategy.authenticate (/app/node_modules/passport-jwt/lib/strategy.js:96:21)",
            "    at attempt (/app/node_modules/passport/lib/middleware/authenticate.js:366:16)",
            "    at authenticate (/app/node_modules/passport/lib/middleware/authenticate.js:367:7)",
            "    at /app/node_modules/@nestjs/passport/dist/auth.guard.js:87:3",
            "    at new Promise (<anonymous>)",
            "    at /app/node_modules/@nestjs/passport/dist/auth.guard.js:79:83",
            "    at GqlAuthGuard.<anonymous> (/app/node_modules/@nestjs/passport/dist/auth.guard.js:48:36)",
            "    at Generator.next (<anonymous>)",
            "    at /app/node_modules/@nestjs/passport/dist/auth.guard.js:20:71",
            "    at new Promise (<anonymous>)"
          ]
        }
      }
    }
  ],
  "data": null
}

Appreciate any insights you have 🙏🏼

thisismydesign commented 2 years ago

Does a protected graphql endpoint work otherwise and it's only the playground where you have issues?

all9lives commented 2 years ago

@thisismydesign thanks for your response.

I've also tried with Postman and get the same 401 Unauthorized response.

I'm just using your starter repo, with Cognito config added to the env file.

all9lives commented 2 years ago

I was able to get authorization to work actually. It looks like in PR #29 you're no longer extracting the JWT from the AuthHeader.

So by checking for Auth Header and extracting the JWT in JwtAuthStrategy it works like a charm.

thisismydesign commented 2 years ago

Cool, thanks! If you think the readme could be improved to reflect this, I'm happy to accept a PR.

thisismydesign commented 2 years ago

@all9lives This turned out to be a simple configuration option as explained here: https://stackoverflow.com/a/68164992/2771889

I enabled it by default: https://github.com/thisismydesign/nestjs-starter/pull/76
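
The workaround described earlier in this thread (accepting the JWT from the Authorization header as well as from the session cookie), as an added example that is not code from the repository or from either commenter. The cookie name `jwt`, the `ReqLike` type and the function names are assumptions; `extractJwt` has the request-in, token-or-null shape that passport-jwt accepts for its `jwtFromRequest` option.

```typescript
// Minimal request shape (assumption). In the NestJS app this would be the
// Express request, with req.cookies populated by cookie-parser.
interface ReqLike {
  headers: Record<string, string | string[] | undefined>;
  cookies?: Record<string, string | undefined>;
}

type TokenExtractor = (req: ReqLike) => string | null;

const COOKIE_NAME = 'jwt'; // assumption: the thread does not name the cookie

// Three dot-separated base64url segments. This is only a shape check so junk
// never reaches the verifier; signature and claims are still checked later.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

const fromCookie: TokenExtractor = (req) => {
  const value = req.cookies?.[COOKIE_NAME];
  return value && JWT_SHAPE.test(value) ? value : null;
};

const fromBearerHeader: TokenExtractor = (req) => {
  const header = req.headers['authorization']; // Node lowercases header names
  if (typeof header !== 'string') return null; // absent or repeated header
  // Scheme is case-insensitive; exactly one token must follow it.
  const token = /^Bearer +(\S+)$/i.exec(header.trim())?.[1];
  return token && JWT_SHAPE.test(token) ? token : null;
};

// The first extractor that yields a token wins: cookie for browser sessions,
// Bearer header for API clients such as Postman or the GraphQL playground.
function extractJwt(req: ReqLike): string | null {
  for (const extractor of [fromCookie, fromBearerHeader]) {
    const token = extractor(req);
    if (token) return token;
  }
  return null; // the strategy then fails with 401 Unauthorized
}
```
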