
I am using Quarkus 3.27.0 and trying to secure GraphQL subscriptions with the @Authenticated annotation. I pass the Authorization header with a valid token when connecting, but the subscription resolver is still not being authenticated.

This is my case:

    @Subscription
    public Multi<EventConsultedBO> eventConsulted(Long destId){
        return notificationService.getStream(destId);
    }

And for the class I have the annotation @Authenticated.

I pass this in the header:

    {
      "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJUb2tlbiBBdXRoIiwiY29kZSI6IklHQU1MUyIsImlkUGVyIjoiMTE0NTcxNTciLCJjYXRlZyI6IlNZU1RFTSIsImlzcyI6InZlb3MyIC0gREVWIC0gSFJFR0FJRUciLCJpc29MYW5ndWFnZSI6ImZyIiwibGFuZ3VhZ2UiOiJGIiwiZXhwIjoxNzYzNzI0NTYzLCJpYXQiOjE3NjM3MTM3NjN9.FkvKIkmbYfX1C57Br2cL2Q8WFb0V-GadkPXQdxxnEro"
    }

But I get this security error:

    ERROR   [io.smallrye.graphql] [120] SRGQL012000: Data Fetching Error: io.quarkus.security.UnauthorizedException
        at io.quarkus.security.runtime.interceptor.check.AuthenticatedCheck.doApply(AuthenticatedCheck.java:38)
        at io.quarkus.security.runtime.interceptor.check.AuthenticatedCheck.apply(AuthenticatedCheck.java:25)
        at io.quarkus.security.spi.runtime.SecurityCheck.nonBlockingApply(SecurityCheck.java:14)
        at io.quarkus.security.runtime.interceptor.SecurityConstrainer$1.apply(SecurityConstrainer.java:100)
        at io.quarkus.security.runtime.interceptor.SecurityConstrainer$1.apply(SecurityConstrainer.java:97)
        at io.smallrye.context.impl.wrappers.SlowContextualFunction.apply(SlowContextualFunction.java:21)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.performInnerSubscription(UniOnItemTransformToUni.java:68)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:57)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateFromKnownItem$KnownItemSubscription.forward(UniCreateFromKnownItem.java:38)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateFromKnownItem.subscribe(UniCreateFromKnownItem.java:23)
  • Do you pass the authorization header as an HTTP header during the initial request, or later during the initialization phase as the init payload? If you're doing the latter, you need to also specify quarkus.smallrye-graphql.authorization-client-init-payload-name=Authorization to tell Quarkus which field in the init payload is the authorization token. Commented Nov 21 at 11:50
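
The init-payload route the comment describes, as an added example that is not part of the original question or comment: the browser WebSocket API cannot set an Authorization header, so the token travels in the graphql-transport-ws connection_init frame under the key named by the property. The function names, the fixed subscription id "1" and the placeholder URL are assumptions made for illustration.

```javascript
// Added example (not from the original post): client side of the
// graphql-transport-ws handshake with the bearer token in the init payload.
// Assumed server setting, taken from the comment above (application.properties):
//   quarkus.smallrye-graphql.authorization-client-init-payload-name=Authorization

const SUBPROTOCOL = "graphql-transport-ws";

// First frame the client sends. The payload key must match the configured
// payload name; the value has the same form as the HTTP header in the question.
function connectionInit(token) {
  if (!token) throw new Error("missing bearer token");
  return { type: "connection_init", payload: { Authorization: `Bearer ${token}` } };
}

// Subscription request frame; id correlates later "next"/"error" frames.
function subscribeMessage(id, query, variables) {
  return { type: "subscribe", id, payload: { query, variables } };
}

// Drives the handshake over any WebSocket-like object (send, onopen, onmessage).
// The subscribe frame is held back until the server acknowledges the init frame,
// so the resolver is never invoked on a connection that has no identity yet.
function startSubscription(socket, token, query, variables, onData) {
  socket.onopen = () => socket.send(JSON.stringify(connectionInit(token)));
  socket.onmessage = (event) => {
    const msg = JSON.parse(event.data);
    if (msg.type === "connection_ack") {
      socket.send(JSON.stringify(subscribeMessage("1", query, variables)));
    } else if (msg.type === "next" && msg.id === "1") {
      onData(msg.payload);
    } else if (msg.type === "error" && msg.id === "1") {
      onData({ errors: msg.payload });
    }
  };
}

// Browser usage (placeholder URL; QUERY is the subscription document):
//   const ws = new WebSocket("wss://example.invalid/graphql", SUBPROTOCOL);
//   startSubscription(ws, token, QUERY, { destId: 1 }, console.log);
```
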
