Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Subscription authorization #1319

Closed
Alan5142 opened this issue Dec 31, 2019 · 3 comments
Closed

Subscription authorization #1319

Alan5142 opened this issue Dec 31, 2019 · 3 comments
Assignees
@michaelstaib
Labels
📚 documentation This issue is about working on our documentation. ❓ question This issue is a question about feature of Hot Chocolate.
Milestone
HC-10.4.0

Comments

@Alan5142
Copy link

I have a question, how can I use authorization in subscriptions?
Below is my app configuration

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseStaticFiles();
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseSpaStaticFiles();
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }


    app.UseAuthentication();
    app.UseAuthorization();

    app.UseRouting();
    app.UseWebSockets()
        .UseGraphQL("/api/graphql/")
        .UsePlayground("/api/graphql/")
        .UseGraphQLSubscriptions(new SubscriptionMiddlewareOptions
        {
            Path = "/api/graphql/"
        });
    app.UseHangfireDashboard();

    app.UseEndpoints(endpoints =>
    {
        // Mapping of endpoints goes here:
        endpoints.MapControllers();
    });

    app.UseSpa(spa =>
    {
        spa.Options.SourcePath = "web-app";
        if (env.IsDevelopment())
        {
            spa.UseAngularCliServer(npmScript: "start");
        }
    });
}

Authorization works in Query and Mutation but in Subscription ClaimsPrincipal doesn't exist, so I think the token is not being sent to the server.

Subscription user is not authorized

imagen

Mutation authorization

imagen
@michaelstaib
Copy link
Member

Authentication over web sockets works differently, read the following issue on ASP.NET Core for more infos:

dotnet/aspnetcore#2881

@michaelstaib michaelstaib self-assigned this Dec 31, 2019
@michaelstaib michaelstaib added 📚 documentation This issue is about working on our documentation. ❓ question This issue is a question about feature of Hot Chocolate. labels Dec 31, 2019
@michaelstaib michaelstaib added this to the 10.3.0 milestone Dec 31, 2019
@michaelstaib michaelstaib modified the milestones: HC-10.3.0, HC-10.4.0 Jan 20, 2020
@promontis promontis mentioned this issue Jul 29, 2020
Closed
@alhe99
Copy link

alhe99 commented Feb 9, 2021
edited
Loading

@Alan5142 did you solved authentication implementation in Subscription, I Have the sam problem with Hot Chocolate 11?

@Alan5142
Copy link
Author

@AlonsoHernandez99 IIRC I sent the authorization code in the query string but ain't secure. You can send the token in a header, keep in mind that you need to handle this in a custom JwtBearerEvents

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelstaib michaelstaib

Labels
📚 documentation This issue is about working on our documentation. ❓ question This issue is a question about feature of Hot Chocolate.
Projects
None yet
Milestone
HC-10.4.0
Development

No branches or pull requests
3 participants
@michaelstaib @Alan5142 @alhe99