A modern programming language that makes developers happier.

kotlinlang

Hi all :wave: Can anyone give me a hint on how to get a Ktor server to use the `Authorization` information from the `connection_init` message of a websocket connection for authentication? I have installed the `Authentication` plugin - works fine for regular JWT Bearer Tokens in the `Authorization` header of regular HTTP requests - and also set up a `ContextFactory` for subscriptions can handle the authorization part.

Unfortunately, the authentication part doesn't work yet, as it seems like the `connection_init` message isn't used by the `Authentication` plugin to set up the principal. The client used is `graphql-ws` and it looks like adding the auth information to `connection_init` is the only supported method. I read <https://github.com/graphql/graphql-over-http/pull/140#issuecomment-703109328|this comment> about how using regular HTTP headers for websockets might not be a good idea and think that probably there _is_ some way to get Ktor to use the `connection_init` payload. Any ideas / reading material?

Update: managed to implement this within the Expedia GraphQL Library using its `SubscriptionsContextFactory` and checking the `params` of its `generateContext` method. Then I parse the `Authorization` param, decode the JWT and set the account into the context.
So in the end, the Ktor authentication plugin wasn't even used after all.