feat(server-auth): Update getAuthenticationContext to support cookies and tokens both #10465
+208
−49
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dthyresson
requested changes
Apr 16, 2024
dac09
commented
Apr 16, 2024
dthyresson
approved these changes
Apr 16, 2024
There was a problem hiding this comment.
Discussed with @dac09 and we'll keep the rw-isms of toke and schema (even though token may have cookie info and schema has scheme info).
Just need the cookie vs Cookie in event header update.
…od into feat/gql-auth-context-cookie * 'feat/gql-auth-context-cookie' of github.com:dac09/redwood: fix(router): Remove barrel exports from router.tsx (redwoodjs#10464)
…od into feat/gql-auth-context-cookie * 'feat/gql-auth-context-cookie' of github.com:dac09/redwood: chore(location): Accept URL-like object (redwoodjs#10467)
|
@dthyresson I realised we need to be more careful about this change here. Technically changing the FetchConfigProvider like we have would be a breaking change (if you use a gql client like react-query for example). UPDATE ✅: implemented in a different way! |
dac09
added a commit
to dac09/redwood
that referenced
this pull request
Apr 18, 2024
* 'main' of github.com:redwoodjs/redwood: Revert "chore(location): Accept URL-like object" (redwoodjs#10473) RSC: Be consistent about inlining rollup input (redwoodjs#10472) chore(paths): Remove outdated comment (redwoodjs#10471) feat(server-auth): Update getAuthenticationContext to support cookies and tokens both (redwoodjs#10465) chore(location): Accept URL-like object (redwoodjs#10467) fix(router): Remove barrel exports from router.tsx (redwoodjs#10464) chore(dbauth-mw): Refactor web side dbAuth creation (redwoodjs#10460) chore(router): Prevent circular dependency for namedRoutes (redwoodjs#10463) chore(router): route-validators: Better types and clean up comments (redwoodjs#10462) feat(server-auth): dbAuth 3/3 - handle login, logout, signup, etc. requests if forwarded from middleware (redwoodjs#10457) docs(router): Document new NavLink className replacement behavior (redwoodjs#10401) chore(refactor): Split the router out into smaller logical units (redwoodjs#10434) feat(server-auth): Part 1/3: dbAuth middleware support (web side changes) (redwoodjs#10444) chore(auth): Build: Put ESM at the root, and CJS in /cjs (redwoodjs#10458) fix(ssr): Successfully serve static assets like `favicon.png` (redwoodjs#10455) chore(deps): update chore (redwoodjs#10367) (docs) Fix useCache headers and links (redwoodjs#10451) chore: remove aws-lambda (redwoodjs#10450) chore(deps): update dependency typescript to v5.4.5 (redwoodjs#10452)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Relates to: https://github.com/orgs/redwoodjs/projects/18/views/1?pane=issue&itemId=59446357
1. Updates
getAuthenticationContextto parse the cookie header and pass it to authDecoder.Note that the authentication context itself does not pull out the token from cookies, because with some providers (e.g. supabase) - we don't know the name of the cookie. This is left to the authDecoder implementation.
The return type from this function is actually just a deserialized cookie header i.e.
cookie: auth-provider=one; session=xx/yy/zz; somethingElse=bsbs=>{ 'auth-provider': 'one', session: 'xx/yy/zz', somethingElse: 'bsbs'2. Retains support for header/token based auth
See test on line 259 of
packages/api/src/auth/__tests__/getAuthenticationContext.test.ts. If a theauthorizationandauth-providerheaders are passed in the request (as we do for SPA based auth) - then cookies will take precedenceThe end result is that graphql requests will now work with middleware-based auth providers!