dynamically set auth headers

[mren]

Hello,

I want to use an authorization header with graphiql.
In 058f86b the ability to use auth headers was recently merged. Nice!

In our use case we have the auth token in the browsers localstorage.
Our application has a normal auth flow and graphiql is then using the same auth mechanism.
This helps us (developers) to easily debug queries by using the in browser graphiql with the same auth token.
So I was wondering if it is possible to dynamically set the auth header with graphql-spring-boot.

In vanilla graphiql this would work by modifying fetcher as describer in graphiql/Readme.md

So I was wondering if you see the use case of dynamically retrieving auth tokens from the browser?

I am not sure what the best way of doing this would be.
Maybe it could be possible to allow users of graphql-spring-boot to set fetcher with custom javascript code.

What are your opinion on this?

Have a great day!

[oliemansm]

Hi @mren,

You're the second one in the last couple of weeks asking for something like this... The difficult part is, as you already indicated, what the best way to do this would be. Everybody has different needs or their own way of doing things.

What you're proposing about a way to inject some javascript might just work. If we would have it create the entire fetcher it would override the feature for setting headers through properties as well. That might be a bit confusing. What if we limit it to providing a value for the Authorization header?

Through a property graphiql.authorization-provider-resource or something you could point to the javascript file on the classpath that provides the Authorization header. That file would have to contain a series of statement with a final return statement for returning the value for the Authorization header. Something like this:

return localStorage.token

Because that way we could read the resource in Java and inject it in graphiql.html to be executed.

Still a bit of hacky approach though, but it could work...

[mren]

Hey @oliemansm, thanks for the elaborate reply.

I have to agree with you, I also find it hacky and would expect other engineers coming up who won't have their use case represented.
For our current project we decided to move graphiql to our react code base where we can modify it naturally with javascript.
I think graphql-spring-boot is a very nice tool of software, it helped us to bootstrap our api when we did not yet had an frontend. Now that we have (semi) complicated auth flow and an frontend, it made more sense to move our customizations of graphiql to the frontend.
Thanks for helping us get our work done!

[oliemansm]

Closing this issue now seeing that there doesn't appear to be anybody else interested in this atm, and the original reporter found an alternative solution.