I'm trying to upgrade graphql-kotlin lib from 3.x.x to 5.x.x in our project and I faced a problem in subscription authentication. We used JWT token authentication in the header of websocket request and it worked fine before. But it failed after upgrading to 5.x.x. I did some research and found your example. Then I implemented a

SpringSubscriptionGraphQLContextFactory

but this didn't work too because there is no security context available there. I tried

coroutineContext[ReactorContext]

and

ReactiveSecurityContextHolder.getContext()

but both of them returns null. My question is how can I get the

SecurityContext

in this context factory and populate it in

GraphqlContext

because it is needed for authorisation in our

AuthorizationDataFetcher

?

we implement

SpringGraphQLContextFactory<SpringGraphQLContext>

and implement

generateContext

(should switch to

generateContexctMap

eventually..) grabbing header with

val authHeader = request.headers().firstHeader("Authorization")

we then parse the headers and instantiate a securityContext, subclass of

SpringGraphQLContext

and our own security context class i did not find any way to reuse security context from a webfilter doing authorization or the like .. that would be cleaner

Yes, I thought about it, but seems like a workaround for me. If there is a way to reuse the generated context from webfilter that would be nice.

Unfortunately we can not propagate the reactor context into the graphql-java execution as it runs on completable futures, so using the graphql context is the way to go. Is your error related to the version update at all? Was something working in v3 that is not in v5?

I did the same and parsed the JWT token to create another SecurityContext to store in the GraphQL context. In version 3, the factory class for Subscription and other GraphQL queries was the same and there the existing SecurityContext was copied to the GraphQL context, but in version 5 these are two separate factories and in the Subscription factory it is not possible to get the SecurityContext from either the Coroutine context or the Reactive context. Therefore, the security context must be created again.