admin管理员组

文章数量:1394534

How can I secure a Quarkus GraphQL @Subscription endpoint using Quarkus security mechanisms (e.g. using the @Authenticated annotation, the same way we would do it on a @Query)?

Our Angular frontend uses apollo-angular, and according to the official documentation on WebSocket authentication, the recommended approach is to set the connectionParams object:

const websocketLink = new GraphQLWsLink(createClient({
  url: 'ws://localhost:4000/subscriptions',
  connectionParams: {
    authToken: 'Bearer xyz',
  },
}));

Documentation for connectionParams:

connectionParams: Optional parameters, passed through the payload field with the ConnectionInit message, that the client specifies when establishing a connection with the server. You can use this for securely passing arguments for authentication.

From what I understand, there are no plans to support this in Quarkus, as there is no established standard for passing tokens via WebSockets:

Has anyone ever found a solution for this?

An idea for a workaround could be to use an interceptor to extract the token from the connectionParameters and provide it 'somehow' to the Quarkus security framework, allowing the @Authenticated annotation to function properly. But I haven't been able to make this work...

本文标签: Secure a Quarkus GraphQL Subscription endpointStack Overflow

版权声明:本文标题:Secure a Quarkus GraphQL @Subscription endpoint - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744100950a2590867.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。