6

I am trying to implement authentication in Graphql using firebase and websockets (on react native).

The client uses the firebase to authenticate and gets a token. It then sends the token to the server over a websocket client, which validates the user using the admin sdk.

I am facing two problems:

  1. When the app boots up, it establishes a ws connection which by that time, it has no authorization header. The user gets a token after a while using firebase.

  2. The token expires after some time, so after a while I need to update the authorization header in the websocket connection, and re-run the query, mutation or subscription which got rejected because of the expired token.

Is there a way to update the authorization header and re-run the query?

Do I need to close the previous connection and open a new one using the new token in the authorization header? How is this done?

I am using apollo-server, apollo-client, apollo-link, subscriptions-transport-ws.

Improve this question
5
  • Do you find way for it ? I am on same issue. Commented Feb 14, 2018 at 7:10
  • You can have a look at these 2 open issues: [link] (github.com/apollographql/subscriptions-transport-ws/issues/171) [link] (github.com/apollographql/subscriptions-transport-ws/issues/293) currently these are the only solutions. You basically need to restart the connection in order to pass the new token @JavascriptHuppTechnologies Commented Feb 18, 2018 at 10:28
  • Thanks for your help @perrosnk Commented Feb 19, 2018 at 5:10
  • @JavascriptHuppTechnologies are you developing for android too? Commented Feb 19, 2018 at 11:15
  • No i am developing it on reactjs framework and i faced issue with token, because apollo connected to link before authentication but now fixed. Commented Feb 19, 2018 at 13:03

1 Answer 1

Reset to default
7

I haven't run into your exact issue before, but you should check out connectionParams field. If on startup a new websocket client is created, you can fetch a new token asynchronously in the connectionParams.

import { createClient } from 'graphql-ws';

export const createWebsocketClient = (user) => createClient({
  url: 'ws://localhost:8080/v1/graphql',
  connectionParams: async () => {
    const token = await user.getToken();
    return {
      headers: {
        Authorization: `Bearer ${token}`,
      },
    };
  },
});

The token is only sent when initializing the connection, so even if the token expires after the initializing, it shouldn't be a problem.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

In this example getToken is assumed to emit a new token once the old one expires? In my app the problem is that the old token expires and i need to update the connectionParams's authToken field. I have a Subject that emits an event when the token expires, I can use that instead?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.