https://kotlinlang.org logo
#graphql-kotlin
Title
# graphql-kotlin
h

hamid

11/17/2021, 9:43 AM
I'm trying to upgrade graphql-kotlin lib from 3.x.x to 5.x.x in our project and I faced a problem in subscription authentication. We used JWT token authentication in the header of websocket request and it worked fine before. But it failed after upgrading to 5.x.x. I did some research and found your example. Then I implemented a
SpringSubscriptionGraphQLContextFactory
but this didn't work too because there is no security context available there. I tried
coroutineContext[ReactorContext]
and
ReactiveSecurityContextHolder.getContext()
but both of them returns null. My question is how can I get the
SecurityContext
in this context factory and populate it in
GraphqlContext
because it is needed for authorisation in our
AuthorizationDataFetcher
?
Strange part is that it can get the security context in integration test with
@WithMockUser
annotation but the context is null in runtime.
n

Nikky

11/17/2021, 12:00 PM
we implement
SpringGraphQLContextFactory<SpringGraphQLContext>
and implement
generateContext
(should switch to
generateContexctMap
eventually..) grabbing header with
Copy code
val authHeader = request.headers().firstHeader("Authorization")
we then parse the headers and instantiate a securityContext, subclass of
SpringGraphQLContext
and our own security context class i did not find any way to reuse security context from a webfilter doing authorization or the like .. that would be cleaner
h

hamid

11/17/2021, 12:09 PM
Yes, I thought about it, but seems like a workaround for me. If there is a way to reuse the generated context from webfilter that would be nice.
s

Shane Myrick

11/17/2021, 9:24 PM
Unfortunately we can not propagate the reactor context into the graphql-java execution as it runs on completable futures, so using the graphql context is the way to go. Is your error related to the version update at all? Was something working in v3 that is not in v5?
One way around this is that you can save info you need in the GraphQL context, then create a custom data fetcher which does a thread local set of any values. You still need to parse the info out of the request first in the context factory though
h

hamid

11/18/2021, 1:39 PM
I did the same and parsed the JWT token to create another SecurityContext to store in the GraphQL context. In version 3, the factory class for Subscription and other GraphQL queries was the same and there the existing SecurityContext was copied to the GraphQL context, but in version 5 these are two separate factories and in the Subscription factory it is not possible to get the SecurityContext from either the Coroutine context or the Reactive context. Therefore, the security context must be created again.
7 Views