Skip to content

Quarkus/Smallrye.GraphQl Authenticated subscription #45333

Closed Answered by jmartisk
rast4 asked this question in Q&A
Discussion options

You must be logged in to vote

Ok, so I was able to reproduce the problem using the graphiql UI, but it actually works when I do the same using a regular (programmatic) graphql client. For subscriptions, Graphql-ui doesn't seem to be sending the Authorization header that you set in the UI. Looking at the browser's debugging console, it's not there, and that's why it doesn't work. I'm not sure how graphiql is supposed to handle this, but it may be something that we could fix on our side.

The reason it gets through the initial handshake (and creates the websocket connection) is that you only have placed security checks on the GraphQL operations, but not on the Quarkus HTTP server as a whole. But then the websocket channe…

Replies: 3 comments 3 replies

Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
3 replies
@jmartisk
Comment options

jmartisk Jan 3, 2025
Collaborator

Answer selected by rast4
@rast4
Comment options

@jmartisk
Comment options

jmartisk Jan 3, 2025
Collaborator

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
2 participants