I m trying to upgrade graphql kotlin lib from 3 x x to 5 x x

Question

I m trying to upgrade graphql kotlin lib from 3 x x to 5 x x in our project and I faced a problem in subscription authentication We used JWT token authentication in the header of websocket request and it worked fine before But it failed after upgrading to 5 x x I did some research and found your example Then I implemented a `SpringSubscriptionGraphQLContextFactory` but this didn t work too because there is no security context available there I tried `coroutineContext ReactorContext ` and `ReactiveSecurityContextHolder getContext ` but both of them returns null My question is how can I get the `SecurityContext` in this context factory and populate it in `GraphqlContext` because it is needed for authorisation in our `AuthorizationDataFetcher`

hamid · Answer

Strange part is that it can get the security context in integration test with ` WithMockUser` annotation but the context is null in runtime

Nikky · Answer

we implement `SpringGraphQLContextFactory lt SpringGraphQLContext gt ` and implement `generateContext` should switch to `generateContexctMap` eventually grabbing header with ```val authHeader = request headers firstHeader Authorization ``` we then parse the headers and instantiate a securityContext subclass of `SpringGraphQLContext` and our own security context class i did not find any way to reuse security context from a webfilter doing authorization or the like that would be cleaner

hamid · Answer

Yes I thought about it but seems like a workaround for me If there is a way to reuse the generated context from webfilter that would be nice

Shane Myrick · Answer

Unfortunately we can not propagate the reactor context into the graphql java execution as it runs on completable futures so using the graphql context is the way to go Is your error related to the version update at all Was something working in v3 that is not in v5

Shane Myrick · Answer

One way around this is that you can save info you need in the GraphQL context then create a custom data fetcher which does a thread local set of any values You still need to parse the info out of the request first in the context factory though

hamid · Answer

I did the same and parsed the JWT token to create another SecurityContext to store in the GraphQL context In version 3 the factory class for Subscription and other GraphQL queries was the same and there the existing SecurityContext was copied to the GraphQL context but in version 5 these are two separate factories and in the Subscription factory it is not possible to get the SecurityContext from either the Coroutine context or the Reactive context Therefore the security context must be created again