feat(pubsub): v5 - AppSync realtime - pass authToken via subprotocol

[iartemiev]

Description of changes

AppSync Realtime is changing the way it accepts auth tokens when establishing subscription connections.

Today auth tokens are passed in the connection url as a query string param, e.g. wss://api.example.com/graphql?header=<base64_encoded_token>

Going forward, the service expects the client to pass the auth token through as a WS subprotocol:

const url = 'wss://api.example.com/graphql'
const protocols = ['graphql-ws', 'base64url_encoded_token']

new WebSocket(url, protocols)

This change is an implementation detail that does not affect the behavior of the AppSyncRealtime client. AppSync will continue to accept the auth token in query params for existing APIs, so older versions of the Amplify library will work as expected.

Note

The WebSocket Web API prohibits separator characters in subprotocol values, e.g. /, =, which are part of the standard base64 char set. With this change, the auth token is encoded as base64url, which lacks any prohibited characters in its alphabet. AppSync now supports this encoding for auth headers.

Description of how you validated changes

• manual testing
• updated unit tests

Checklist

• PR description included
• yarn test passes
• Unit Tests are changed or added

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.