Closing the connection based on subscription and token #261
Hello, Graphql-ws works great so far but I have a question regarding authentication. My setup is apollo express server + Graphql Shield for setting up permissions. I've gone through your recipes for custom context value and I am able to send my user data from a token to GraphqlShield. The scenario is this... I have two different subscriptions: one allowed only for LoggedIn Users, and one allowed only for Admin Users... the difference between those two roles is in the authorization token. The permission aspect of the setup works well... GraphqlShield receives the userData from GraphqlWS and takes the necessary measures. When a user is declined from GraphqlShield, the WebSocket connection is not terminated though. First of all, is that a problem in terms of security or anything else? If so, how should I be able to terminate the connection? In onConnect and onSubscribe I can't (or I don't know how to) verify which of the two subscriptions is being used, so I can't close the connection if I want.
Sadly I am not familiar with GraphqlShield or its inner workings, so I cannot help in that regard. However, I can tell you that you can indeed terminate the connection from within any callback using the ctx.extra.socket. Please consult the server-side "ws server and client auth usage with token expiration, validation and refresh" recipe for an exact example.
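One way to act on the reply above when the decision depends on which subscription is requested, as an added example that is not from the original thread, the graphql-ws recipes or GraphqlShield: pass the socket to resolvers through the context and close it from a per-field guard. `buildContext`, `requireRole`, `decodeToken`, the field names and the sample tokens are hypothetical, and the token lookup is a constructed stand-in for real token verification.

```javascript
// Added example; buildContext, requireRole, decodeToken and the tokens are hypothetical.
const FORBIDDEN = 4403; // numeric value of graphql-ws CloseCode.Forbidden

// Constructed stand-in for real token verification (e.g. a signed JWT check).
const SAMPLE_TOKENS = {
  'user-token': { id: 1, roles: ['USER'] },
  'admin-token': { id: 2, roles: ['USER', 'ADMIN'] },
};
function decodeToken(token) {
  return SAMPLE_TOKENS[token] ?? null; // unknown or missing token: no user
}

// Intended as the `context` option of useServer(): it hands each resolver
// the verified user and the socket the operation arrived on.
function buildContext(ctx) {
  return { user: decodeToken(ctx.connectionParams?.token), socket: ctx.extra.socket };
}

// Wraps a subscription field's `subscribe` resolver. The check runs per field,
// so it knows which subscription is being requested.
function requireRole(role, subscribe) {
  return (root, args, context, info) => {
    const roles = context.user?.roles ?? [];
    if (!roles.includes(role)) {
      context.socket.close(FORBIDDEN, 'Forbidden'); // ends every operation on this socket
      throw new Error('Forbidden');
    }
    return subscribe(root, args, context, info);
  };
}

async function* events() { yield { event: 'tick' }; }
const resolvers = {
  Subscription: {
    userEvents: { subscribe: requireRole('USER', events) },
    adminEvents: { subscribe: requireRole('ADMIN', events) },
  },
};

// Constructed harness: a fake socket that records the close call.
function trySubscribe(field, token) {
  const closed = [];
  const ctx = { connectionParams: { token }, extra: { socket: { close: (c, r) => closed.push([c, r]) } } };
  let allowed = true;
  try { resolvers.Subscription[field].subscribe(null, {}, buildContext(ctx), null); } catch { allowed = false; }
  return { allowed, closed };
}
```

Closing the socket also ends any other subscriptions the client has open on that connection, so the guard is all-or-nothing per connection.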